Marks & Spencer has reopened its website to shoppers, six weeks after it was forced to halt online orders after a cyber-attack.
On its website, M&S said customers “can now place online orders with standard delivery to England, Scotland and Wales”, while deliveries to Northern Ireland will resume in the coming weeks.
It said it would also resume click and collect, next-day and nominated-day delivery and international ordering in the coming weeks.
In a social media post, John Lyttle, the retailer’s managing director for fashion, home and beauty, said: “We are bringing back online shopping this week. A selection of our best-selling fashion ranges will be available for home delivery to England, Scotland and Wales from today.
“More of our fashion, home and beauty products will be added every day and we will resume deliveries to Northern Ireland and click and collect in the coming weeks.”
M&S added: “We’re working hard to resume these services as soon as possible.”
The company’s shares rose by 4% and were among the top risers on the FTSE 100.
The retailer is estimated to have been losing about £25m in online clothing and homewares sales a week after it was forced to stop taking orders on its website within days of “threat actors” – thought to be a hacking collective known as Scattered Spider – gaining access to its systems over the Easter weekend.
The company expects the hack to cost it up to £300m in profits this year, although about half of that is expected to be offset by insurance and other measures. It had previously said disruption to its website could last until July, and some online services are not expected to restart immediately.
Shoppers have been able to browse online, and shop in M&S’s physical stores using cash or cards, for most of the period since the hack.
However, stocks of food and clothing in stores have also been affected, meaning M&S has lost out during a busy period for retailers as a warm, sunny spring has driven an unexpected rise in household spending.
M&S has also admitted that some personal information relating to thousands of customers – including names, addresses, dates of birth and order histories – was taken in the cyber-attack.
Stuart Machin, the chief executive of M&S, has said he expects the retailer to recover “at pace”, helped by bringing forward investment in its IT systems and website as part of the systems rebuild forced on it by the hackers.
Machin said last week that he “went into shock” when he was first told late at night about the ransomware attack. He insisted it did not cause a “crisis” but was more of “a setback, a bump in the road” for M&S.
“I went into shock. It’s in the pit of your stomach, the anxiety. But you have to think: ‘Stuart, you have to lead this, you have to keep a cool head,’” Machin told the Mail on Sunday. As a result, the company will speed up efforts to overhaul its digital infrastructure, which was originally due to take three years but may now take a year and a half.
“I have learned everyone is vulnerable. The hackers only need to be lucky once,” Machin said.
The attack on M&S emerged days before cyber-attacks were reported by the Co-op and Harrods. More recently, the sportswear brand Adidas and the lingerie group Victoria’s Secret have also been targeted.
