Blogs
Mradul Sharma

Author

  • Published: Jun 10 2025 04:56 PM
  • Last Updated: Jun 10 2025 04:57 PM

Marks & Spencer's website is back after a massive cyberattack paused orders for weeks. Find out what happened, how they recovered, and what’s next.


Newsletter

wave

If you tried ordering from Marks & Spencer recently and got nowhere, you're definitely not alone. Their entire online system was down — website and app both — for a solid six weeks. Turns out, it wasn’t just a technical glitch or maintenance thing. It was a full-blown cyberattack.

What happened was, a hacker group called Scattered Spider (yeah, weird name) basically broke into their system during the Easter weekend. The hackers sent some awful ransom emails to top M&S staff, and everything had to be shut down right away. Honestly, it sounded like a mess. Orders just stopped, and no one really knew when things would get back to normal. The good news is, customer payment info and passwords weren’t taken, but names, addresses, and some personal details were exposed. It’s scary to think how these things happen to such big companies.

The Money Side of Things Wasn’t Pretty Either

It’s not just about the website being down — M&S actually lost a ton of money because of this. We’re talking close to £300 million in damages overall. That’s a massive hit for any business. Every week the site was offline, they were losing somewhere between £25 to £40 million. And remember, this is a time when lots of people shop online, so it couldn’t have come at a worse moment.

M&S did say they’re hoping to get back about half of that loss through their cyber insurance, which helps a bit. But still, that’s a huge financial dent. On top of that, people were frustrated, orders were stuck, and it just became one of those situations where everything felt off. You could really tell they were trying to keep things together behind the scenes.

Online Orders Are Back — But Not Everything’s Fully Ready Yet

Now for the part everyone was waiting for — yes, the M&S website is finally working again. You can place orders online now, at least in England, Scotland, and Wales. But not everything is fully up yet. Services like next-day delivery, click-and-collect, and international shipping will roll back in slowly over the next few weeks.

The team at M&S says they’ve been working non-stop to rebuild and improve their systems so this kind of thing doesn’t happen again. They’re also speeding up their original digital upgrade plans, which were supposed to take about three years. Now, they’re trying to finish all that work in just 18 months. That’s pretty ambitious, but you kind of have to move fast after something like this. They’ve also been working with UK cyber experts and police to investigate what happened.

Customers Are Being Told to Stay Cautious

Even though the most sensitive data like passwords and card details weren’t leaked, it’s still a good idea to be cautious. M&S has asked customers to take a few steps just to be safe:

  • Change their account passwords

  • Turn on two-factor authentication

  • Watch out for any weird emails or messages pretending to be from M&S

  • Avoid clicking on suspicious links or offers

It’s that kind of situation where it’s better to be safe than sorry. Cyberattacks are getting more advanced, and even trusted companies like M&S aren’t totally safe.

A Bigger Sign of What’s Happening in Retail

Honestly, this isn’t just about M&S. Over the past year or two, several major brands have been hit by similar attacks — think Co-op, Harrods, Adidas, even Cartier. It shows how vulnerable big retailers are, especially when they rely so much on online platforms. This might push more companies to take cybersecurity seriously, not just for their own sake, but to protect customers too.

People are shopping online more than ever, and no one wants to wonder if their details are floating around in some hacker’s inbox. So yeah, while it’s good that M&S is back, this might just be the start of a much bigger conversation.

FAQ

Marks & Spencer’s website went offline because of a cyberattack by a hacker group. They had to shut down everything to protect customer data and rebuild their systems.

Yes, M&S has reopened its website and added extra security measures. You can shop again, but some delivery services are still being restored.

No financial details like card numbers or passwords were leaked, but some personal information like names and addresses were exposed.

Not yet. Those services are being brought back gradually over the next few weeks as things get back to normal.

It’s best to change your password, enable two-factor authentication, and watch for any suspicious activity or emails.

Search Anything...!