Marks & Spencer (M&S) has recently been the target of a significant cyber attack, which has had substantial repercussions on its operations and customer relations. The attack, which occurred in April, has left the retailer scrambling to restore services to normalcy. Customers have experienced issues such as empty shelves, disrupted deliveries, and suspended online orders, which have persisted weeks after the initial incident. On Tuesday, M&S advised its customers to be vigilant about potential phishing attempts via emails, calls, or texts falsely claiming to be from the retailer.
The retailer has now disclosed that the cyber attack led to the theft of some customer data. The compromised information includes contact details such as names, home addresses, phone numbers, and email addresses. Additionally, dates of birth and online order histories might have been accessed. However, M&S has assured that no usable payment or card details, nor account passwords, were taken. In response, the company will prompt customers to reset their passwords to ensure peace of mind. While no immediate action is required from customers, they are advised to remain alert to any attempts to misuse their information.
The problems for M&S began over the Easter weekend, with disruptions reported in Click & Collect services and contactless payments. The company confirmed it was addressing a "cyber incident," and though some services have since resumed, M&S halted online orders on its website and apps on April 25. More than two weeks later, there is still no confirmed date for the resumption of online orders. Customers who received a ready-to-collect email can pick up their orders in-store, and those who placed orders after April 23 will receive refunds.
The attack also affected physical stores, with some food items missing as the company took certain systems offline. Signs on empty shelves apologized for the technical issues impacting product availability. Although the availability of groceries improved over the early May Bank Holiday weekend, reports indicate that some stores still lacked items necessary for meal deals. An M&S spokesperson acknowledged these challenges and assured that the company is working diligently to replenish stock in stores.
Additionally, the cyber attack led to the temporary removal of job advertisements from the M&S website. A message on the site indicates that the company is working to restore this service. Despite the impact on operations, M&S has not disclosed specifics about the perpetrator of the attack. It is now known that it was a ransomware attack, a type of malicious software that encrypts a business's data, rendering it inaccessible unless a ransom is paid. The group "DragonForce" claimed responsibility for the attack on M&S, the Co-op, and an attempted breach of Harrods. DragonForce operates as an affiliate cybercrime service, enabling others to carry out attacks using their tools.
The ultimate users of DragonForce's services remain unidentified, but security experts suggest similarities with a group known as Scattered Spider or Octo Tempest. This group reportedly operates via Telegram and Discord channels, consisting of young, English-speaking hackers, some of whom are teenagers. The National Cyber Security Centre (NCSC) has issued a warning about cybercriminals impersonating IT help desks to infiltrate British retailers. The Metropolitan Police is investigating the M&S attack.
The cyber attack has significantly impacted M&S's business, with delays in resolution likely exacerbating the financial hit. The retailer's share price has dropped since the onset of these technical challenges, with over half a billion pounds erased from its market value. Online sales constitute about a third of M&S's clothing and home sales, with an average daily expenditure of £3.8 million on its website and apps. The online disruption may have driven some customers to physical stores, but it is also probable that many turned to competing online retailers instead. The timing of the incident coincides with warmer weather, a period typically associated with increased demand for summer clothing.
Retail analyst Catherine Shuttleworth from Savvy Marketing noted that the online impact would have been immediate, benefiting other retailers. The revelation of stolen customer data is a further setback for M&S, which had previously enjoyed customer support. However, the data breach could erode trust, as M&S is regarded as one of the most trusted brands in the UK.
One of M&S's major suppliers, Greencore, has resorted to using pen and paper for orders due to the attack. Greencore's CEO stated that they increased deliveries by 20% to ensure sufficient food stock for the bank holiday weekend. Thea Green, CEO of Nails Inc, expressed concern