Marks & Spencer has reopened its website for customers to browse online after taking the site down overnight as part of efforts to recover from last month’s cyber attack.
The retail giant said on Wednesday that “human error” had caused the attack, which is set to cost the firm around £300 million, and chief executive Stuart Machin confirmed disruption could last until July.
The retail giant had taken the site down in order to carry out updates, with visitors met with the message: “Sorry you can’t browse the site currently. We’re making some updates and will be back soon.”
It confirmed the site was back up and running early on Thursday morning, but for browsing only.
M&S halted orders on its website and saw empty shelves after being targeted by hackers around the Easter weekend, and customer personal data, which could have included names, email addresses, postal addresses and dates of birth, was also taken by hackers in the attack.
This week the company reported a higher-than-expected adjusted pre-tax profit of £875.5 million for the year to March, up 22.2 per cent on the previous year.
Robert Cottrill, technology director at digital firm ANS, said it was “vital” M&S took its time to get system recovery right, in order to ensure security and prevent future incidents.
“M&S appears to be taking the appropriate and necessary steps following the cyber attack, with a likely focus on restoring core systems and recovering critical data,” he told the PA news agency.
“The extended disruption may well be a result of attackers having targeted key infrastructure, which takes time to fully assess, secure and restore.
“Given the scale and complexity of M&S’s globally connected operations, the recovery process is understandably meticulous, with multiple interconnected systems requiring scrutiny.”
“It’s essential that M&S prioritises a secure and complete recovery over a rapid one. Rushing to bring systems back online without full assurance of their integrity could risk further compromise.
“Ensuring robust security at every layer before resumption is not just sensible – it’s vital.
“The major disruption and sales loss M&S has seen following the incident serve as a powerful reminder to all organisations: cybersecurity must be treated as a board-level issue. No business is immune to cyber threats, and those with complex digital ecosystems are particularly vulnerable.
“Effective incident response plans, regular testing and collaboration with cybersecurity experts are critical to minimising disruption.
“But more than that, a proactive approach that includes threat detection, security-by-design principles, and employee awareness is the best defence against increasingly sophisticated attacks.”
Co-op cyber attack: What happened and when will shops be back to normal?
M&S warns cyber attack disruption will last until July and hit profits by £300m
UK retailer Marks & Spencer puts cyberattack cost at $400 million with disruptions ongoing
The M&S cyberattack has caused chaos – the UK’s enemies will be watching and learning
Doctors say above-inflation pay rises aren’t enough as they threaten strike action
Ghosting and gaslighting could trigger depression and paranoia, study finds
