If you tried ordering from Marks & Spencer recently and got nowhere, you're definitely not alone. Their entire online system was down — website and app both — for a solid six weeks. Turns out, it wasn’t just a technical glitch or maintenance thing. It was a full-blown cyberattack.
What happened was, a hacker group called Scattered Spider (yeah, weird name) basically broke into their system during the Easter weekend. The hackers sent some awful ransom emails to top M&S staff, and everything had to be shut down right away. Honestly, it sounded like a mess. Orders just stopped, and no one really knew when things would get back to normal. The good news is, customer payment info and passwords weren’t taken, but names, addresses, and some personal details were exposed. It’s scary to think how these things happen to such big companies.
The Money Side of Things Wasn’t Pretty Either
It’s not just about the website being down — M&S actually lost a ton of money because of this. We’re talking close to £300 million in damages overall. That’s a massive hit for any business. Every week the site was offline, they were losing somewhere between £25 to £40 million. And remember, this is a time when lots of people shop online, so it couldn’t have come at a worse moment.
M&S did say they’re hoping to get back about half of that loss through their cyber insurance, which helps a bit. But still, that’s a huge financial dent. On top of that, people were frustrated, orders were stuck, and it just became one of those situations where everything felt off. You could really tell they were trying to keep things together behind the scenes.
Online Orders Are Back — But Not Everything’s Fully Ready Yet
Now for the part everyone was waiting for — yes, the M&S website is finally working again. You can place orders online now, at least in England, Scotland, and Wales. But not everything is fully up yet. Services like next-day delivery, click-and-collect, and international shipping will roll back in slowly over the next few weeks.
The team at M&S says they’ve been working non-stop to rebuild and improve their systems so this kind of thing doesn’t happen again. They’re also speeding up their original digital upgrade plans, which were supposed to take about three years. Now, they’re trying to finish all that work in just 18 months. That’s pretty ambitious, but you kind of have to move fast after something like this. They’ve also been working with UK cyber experts and police to investigate what happened.
Customers Are Being Told to Stay Cautious
Even though the most sensitive data like passwords and card details weren’t leaked, it’s still a good idea to be cautious. M&S has asked customers to take a few steps just to be safe:
-
Change their account passwords
-
Turn on two-factor authentication
-
Watch out for any weird emails or messages pretending to be from M&S
-
Avoid clicking on suspicious links or offers
It’s that kind of situation where it’s better to be safe than sorry. Cyberattacks are getting more advanced, and even trusted companies like M&S aren’t totally safe.
A Bigger Sign of What’s Happening in Retail
Honestly, this isn’t just about M&S. Over the past year or two, several major brands have been hit by similar attacks — think Co-op, Harrods, Adidas, even Cartier. It shows how vulnerable big retailers are, especially when they rely so much on online platforms. This might push more companies to take cybersecurity seriously, not just for their own sake, but to protect customers too.
People are shopping online more than ever, and no one wants to wonder if their details are floating around in some hacker’s inbox. So yeah, while it’s good that M&S is back, this might just be the start of a much bigger conversation.