M&S has issued an update to customers as shoppers are still facing major problems.
The supermarket has revealed it has still been unable to get its services back to normal following a crippling cyber attack.
1
It said it was “really sorry” it hasn’t been able to offer its usual services this week.
“We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible,” chief executive Stuart Machin said in a statement.
“Thank you from me and everyone at M&S for all the support you have shown us. We do not take it for granted and we are incredibly grateful.
“Our teams are doing the very best they can, and are ready to welcome you into our stores – whether you are shopping for food or for fashion, home and beauty this bank holiday weekend.
“Thank you for your support and thank you for shopping with us. We will continue to keep you updated.”
The supermarket first revealed it had been hit by a major cyber attack on Monday, April 21.
Customers first noticed contactless payments going down and disruption to click and collect orders.
The supermarket was then forced to suspend all online orders through its website and app on Friday.
M&S said at the time this was part of its “proactive management” of the cyber attack and apologised for the disruption.
Shoppers have also experienced empty shelves and shortages of popular items such as bananas, fish, and the iconic Colin the Caterpillar cakes.
The retailer has admitted there have been “pockets of limited availability in some stores” because some systems had to be temporarily taken offline.
The Sun understands that availability is expected to improve over the coming days.
We also understand M&S does not yet have a timeline on when online orders will be back.
Shoppers can still get the M&S range through the Ocado website as normal.
You can also still buy what you need in M&S stores, and contactless payments are back up and running.
Timeline of cyber attack
- Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
- Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the “cyber incident” in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms “minor, temporary changes” to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) and engages external cybersecurity experts.
- Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of “proactive management”.
- Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
- Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
- Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S’s share price.
- Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
- Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
An infamous criminal gang known as “Scattered Spider” is thought to be behind the cyber attack.
It is one of the most prolific cyber gangs of the past 18 months and specialises in ransomware.
This is a type of attack designed to steal information or access in exchange for a sum of money.
Some M&S staff have alleged the supermarket’s systems were “held to ransom by a criminal gang”.
M&S has called in the National Crime Agency and the National Cyber Security Centre to help it deal with the attack.
Other major retailers hit
Two other major retailers have reported hacking attempts this week.
The Co-op, which operates over 2,000 grocery stores and 800 funeral homes, said it had closed part of its IT system following an attempted hack.
It said on Tuesday in a letter to staff that it had “taken proactive steps to keep our systems safe”, including restricting access to certain systems.
Stores are operating as normal and The Co-op has said there is no indication customer data has been affected.
Luxury department store Harrods has also been targeted by cyber hackers, Sky News has reported.
One customer told the broadcaster he had been unable to pay for a purchase earlier in the day.
A Harrods spokesperson said: “We recently experienced attempts to gain unauthorised access to some of our systems.
“Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today.”
It said its stores and website were operating as normal and customers should not do anything differently.