M&S website down day after shop warned of cyber attack disruption until July
Just a day after an executive said disruptions from a cyber attack will last until July, the Marks & Spencer website is down for customers again.
Visitors to the M&S website are greeted with the message: ‘Sorry, you can’t browse the site currently. We’re making some updates and will be back soon.’
The BBC has reported that the site may be undergoing routine maintenance, but questions have been raised after the recent cyber incident.
M&S halted orders on its website and stores had empty shelves after being targeted by hackers around the Easter weekend.
The hackers accessed customer personal data, which could have included names, email addresses, postal addresses and dates of birth.
The retail giant said on Wednesday that ‘human error’ caused the attack, which will cost the firm around £300 million, and chief executive Stuart Machin confirmed disruption could last until July.
Despite recent issues, M&S reported a higher-than-expected adjusted pre-tax profit of £875.5 million for the year to March, up 22.2% from 2024.
Joe Jones, CEO of the cybersecurity attack simulation company Pistachio, previously explained to Metro that while the upmarket retailer seems like a rogue choice for hackers to go for, it makes a lot of sense.
‘M&S is a household name with a vast and loyal customer base, which makes it a high-value target for cybercriminals,’ he told Metro.
‘Large retailers hold enormous amounts of personal data, everything from names and addresses to detailed purchase histories. That kind of data is gold dust for attackers running social engineering scams or looking to sell verified profiles on the dark web.’
M&S, like many retailers, isn’t just a brick-and-mortar store. It’s websites, mobile apps, marketing emails and delivery services that amount to more ‘digital touchpoints that can be exploited’.
‘It’s not necessarily that M&S was uniquely vulnerable; rather, it’s a classic case of “big brand, big data, big target”,’ he added.
None of the victims of the breach has revealed the details of how crooks jimmied open their systems. The National Cyber Security Centre said that officials aren’t sure if the attacks are linked.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.