British retailer Marks & Spencer (M&S) has officially reinstated its click and collect service for clothing orders, 15 weeks after suspending it due to a major cyber attack and data theft.
Background: The Cyber Incident That Halted Services
On April 25, 2025, M&S paused online orders for clothing and home deliveries—just three days after disclosing a “cyber incident” that compromised its systems. This suspension affected both website and mobile app transactions, leaving customers unable to use the popular click and collect option.
The company resumed home delivery orders on June 10, but click and collect remained offline until now. As of Monday, M&S’s website confirms that the service is back in operation.
Financial Impact of the Hack
In May, M&S projected that the cyber attack could cost the company £300 million ($404 million) in lost operating profit for the 2025/26 financial year. The retailer aims to reduce the financial damage by half through insurance claims and cost-control measures.
Disruption to Store Operations
The breach forced M&S to take several systems offline, which not only reduced clothing availability but also impacted food stock in stores—further hurting sales.
What’s Next for M&S?
With click and collect now restored, M&S is expected to see an improvement in online and in-store sales. However, the long-term effects of the cyber incident, including customer trust and security system upgrades, remain key challenges for the retailer.
