LONDON – Marks & Spencer’s website was temporarily down in the early hours of Thursday morning, just hours after the retailer disclosed the severe financial toll of a ransomware attack that hit last month.
Shoppers attempting to access the M&S site were met with a holding page stating: “We’re making some updates and will be back soon.” The disruption, though brief, raised eyebrows.
Especially coming on the heels of the retailer’s announcement that the cyberattack is expected to cost the company a staggering £300 million. By around 7am, the website had returned to normal.
Sky News reports that the downtime was simply routine maintenance. But given the timing, some customers speculated otherwise.
Online orders have remained suspended since the attack on 22 April, with only limited services expected to resume in the coming weeks. A full recovery? Not likely until July.
Despite the disruption, M&S chief executive Stuart Machin remains optimistic. “This incident is a bump in the road, and we will come out of this in better shape, and continue our plan to reshape M&S for customers, colleagues and shareholders,” Mr Machin told analysts on Wednesday.
He added that the retailer is “on the road to recovery.” The breach has been linked to the Scattered Spider group – a notorious hacker collective also associated with attacks on The Co-op and Harrods.
Last week, M&S confirmed that personal data belonging to some customers had been accessed. However, the company insisted that no “usable payment or card details” were compromised.
Customer passwords were also unaffected. Still, names, addresses, and phone numbers were reportedly stolen.
The cyberattack’s ripple effects are hitting M&S hard. The company’s market value has dropped by over £1 billion as concerns mount.
Yet the brand is determined to push forward, promising a robust comeback strategy focused on both digital and physical retail evolution.
