M&S tells agency staff to work from home following cyber attack

UK retailer Marks & Spencer (M&S) is grappling with the fallout from an Easter cyberattack that has led to significant disruptions, including the suspension of online orders and in-store contactless payments.

Now, approximately 200 agency staff scheduled to work at M&S’s large clothing and homewares logistics centre in Castle Donington have been told not to come in, highlighting the escalating impact of the cyber incident. Agency workers comprise about 20% of the workforce at the Castle Donington site.

However, while agency staff are being told to stay home, M&S has informed its own employees at the distribution centre to report to work as usual. According to a source close to M&S, “There is work for them to do.”

M&S initially disclosed last week that it was suspending online orders due to the cyberattack but has released limited information about the specifics and extent of the incident. In a recent update to investors, the retailer stated that its product range remains “available to browse online, and our stores remain open and ready to welcome and serve customers.”  The company added that it is “working extremely hard to restore online operations and continue to serve customers well,” with the support of “leading experts.”

The duration of the disruption to M&S’s e-commerce operations remains unclear. Retail executives have described the cyberattack as “extensive,” suggesting that it could take a considerable amount of time for the company to fully resolve the issues.

Investor confidence has been affected by the ongoing situation. Shares in M&S experienced a further decline of 2.4% on Monday morning, following a sharp drop last week.