UK Multinational Marks & Spencer Halts Online Sales After Cyber Breach

UK retailer Marks & Spencer has advised 200 of its employees in key online distribution centers to stay at home, the Guardian reported. The communication came days after the retailer paused online orders from its apps and website following the Marks & Spencer cyber breach.

Online Disruption

The M&S cyber attack started a week ago, affecting the retailer’s online business and stores. The stocks of the company dropped in April 28 morning trading amidst the cyber incident. M&S has lost over £700 million in market valuation since the problem began.
The retailer apologized to online shoppers for the M&S online disruptions caused by the cyber incident saying it is “working extremely hard to restart online and app shopping.”

“As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com website and apps. Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers,” the retailer posted on X.

The disruption affects its online homeware and clothing sales that amount to about £3.8 million per day on average. However, the company said shoppers could still shop in physical M&S stores in cash or using cards or browse the company website.

The Payment Problem

The retailer decided to close its website after stores that collect online orders and use contactless payments were hit on April 21. The stores experienced problems for several days. The retailer restored contactless payments late on April 24.

But a different technical problem with contactless payments was reported again on Saturday, April 26. Shoppers said they experienced problems collecting online orders that had been made from the company shutdown its website,
“I have received several emails asking me to collect, made a special journey to my local store, 18 miles, only to be told I could not collect. Staff were brilliant,” a shopper posted on Facebook.

Another shopper said, “I returned an online order in the store yesterday but it’s not showing on my account.”
Through its social media pages, the UK-based retailer informed shoppers that orders placed after April 23 would be refunded. The retailer asked shoppers who expected to collect their online orders this week to wait for a notification email before making a trip to the store.

Customer Action

M&S said that shoppers are not required to take any action, ruling out the possibility that hackers may have accessed customer data following the data breach incident. To keep the attack from spreading, the retailer reported that it had limited virtual private network access to its systems for staff who work remotely.

It also engaged cybersecurity experts to investigate the cyber attack and manage the problem and reported the attack to the National Cyber Security Center and the data protection supervisory authorities. The British multinational also said that it was taking the necessary action to protect its network in order to continue service to shoppers.

Cyber security experts asked online shoppers to beware of scammers who seek to leverage high-profile attacks such as the M&S data security incident. The pause on online onlines will have a huge impact on M&S sales.

“Fashion sales are likely to take a big hit particularly as the attack has come during the spell of warm weather when summer ranges would ordinarily be piling up in virtual baskets. While other retailers have not been immune to IT breaches, the depth of Marks and Spencer’s problems in resolving the issue are worrying, and it may take some time to win back some more warrier shoppers,” Head of Money and Markets at Hargreaves Lansdown, Susannah Streeter said.

Kate Calvert, an analyst at Investec said that the more time M&S takes to resume online sales, the more loss the retailer will suffer. The company reported strong sales in January following the holiday season.