British retailer Marks & Spencer (M&S) has resumed taking online orders for clothing lines after a 46-day hiatus following a cyberattack. The company had stopped taking clothing and home orders through its website and app on April 25 due to problems with contactless pay and click-and-collect services.
Impact of the Cyberattack
The cyberattack had a significant impact on M&S’s operations, resulting in:
– Lost Sales: The company expects to lose around £300 million in operating profit in its 2025/26 financial year due to the attack.
– Disrupted Supply Chain: The attack affected M&S’s ability to get food and clothing into stores, resulting in lost sales due to warm and sunny weather.
– System Downtime: The company’s website and app were unavailable for online orders, causing inconvenience to customers.
How the Cyberattack Occurred
According to M&S, the hackers broke into its systems by tricking employees at a third-party contractor, allowing them to skirt digital defenses and launch the cyberattack.
Recovery and Future Plans
M&S has resumed standard home delivery in England, Scotland, and Wales for the majority of its clothing range, with more products being added daily. The company expects to:
– Resume Delivery to Northern Ireland: In the coming weeks.
– Restore Click and Collect Services: In the coming weeks.
– Improve Technology: Use the crisis to accelerate improvements to its technology.
Industry Context
The cyberattack on M&S is part of a larger trend of retailers facing cyber threats. Recent incidents include:
– Co-op Group: UK grocer disclosed a cyber incident.
– Adidas: The German sportswear group disclosed a cyber incident.
– Cartier: The luxury jeweler disclosed a cyber incident.
– Victoria’s Secret: The US lingerie company disclosed a cyber incident.
M&S’s experience highlights the importance of cybersecurity in the retail industry. The company is working to recover from the attack and improve its technology to prevent future incidents.
