M&S restores click and collect service 15 weeks after cyber attack

Marks & Spencer has announced the full return of its popular click and collect service, more than three months after a damaging cyber attack brought its online operations to a standstill.

The retailer had suspended all online orders and in-store collections for its clothing and home divisions on Easter weekend, following a sophisticated hack attributed to the notorious Scattered Spider group.

The cyber attack, which hit on April 25, caused widespread disruption. Not only was the company’s online business severely impacted, but in-store operations were also affected, leading to bare shelves in some locations as the supply chain was compromised. The company’s online order service resumed on June 10, but the crucial in-store collection service has remained offline until now.

M&S confirmed that some customer data was stolen during the incident and has advised customers to remain vigilant against phishing attempts via email, calls, or texts claiming to be from the retailer. The financial fallout from the breach is expected to be substantial. The company estimates that the cyber attack will result in a profit reduction of approximately £300 million for the current year, though it hopes a portion of this loss will be covered by insurance.

Despite the significant financial and operational damage, there is a sense of cautious optimism. M&S chief executive Stuart Machin had previously assured investors that the retailer expected to be over the worst of the incident’s aftermath by August.

The full restoration of the click and collect service, 15 weeks after the initial attack, signals that M&S is moving closer to that goal and is once again operating at full capacity. The return of the service will be a welcome relief to both the retailer and its customers.