Marks & Spencer’s website is back online and available for browsing, following a prolonged outage caused by a major cyber-attack.
For several hours on Wednesday evening, users were unable to access the site entirely. A message on the homepage read: “Sorry you can’t browse the site currently. We’re making some updates and will be back soon.”
By just after 07:00 on Thursday, the retailer confirmed the site was back online for browsing after overnight updates. However, customers still cannot place online orders—a disruption that began several weeks ago and is expected to continue until July.
The cyber-attack, which occurred over the Easter weekend, initially affected click-and-collect services and contactless payments. Days later, M&S suspended all online ordering.
On Wednesday, the company said it expects the incident to reduce its annual profits by around £300 million—significantly more than analysts had anticipated. While some losses will be covered by insurance, the retailer warned that online services would remain partially disrupted for the next several weeks.
M&S also revealed that customer data had been stolen during the breach. The stolen information may include names, telephone numbers, home addresses, and dates of birth. However, the company assured customers that no useable payment details or account passwords were accessed, though online order histories may have been compromised.
Chief executive Stuart Machin described the incident as a “highly sophisticated and targeted cyber-attack,” and thanked customers for their patience.
Authorities are investigating a group of English-speaking hackers known as Scattered Spider, which is believed to be behind the attack. The same group has been linked to cyber-attacks on Co-op and Harrods, but M&S has suffered the most significant fallout.
In a Thursday morning statement, M&S said: “Our website is open for browsing. As we work to get things back to normal for our customers, we are doing some overnight updates.”
About The Author
