Published: 6:54 am May 22, 2025
Updated: 6:54 am May 22, 2025

Marks & Spencer’s website remains offline as the retail giant continues its recovery from a devastating cyber attack that struck around the Easter weekend, exposing customer data and halting online operations.

Visitors to the site are currently met with a maintenance message:
“Sorry you can’t browse the site currently. We’re making some updates and will be back soon.”

However, sources confirm this is not routine maintenance, but a consequence of a sophisticated cyber attack that has crippled online orders and left shelves empty in-store.

What Happened?

M&S confirmed on Wednesday that “human error” enabled the cyber attack, which is now forecast to cost the company around £300 million in losses and disruption. The attackers reportedly accessed personal data including names, email addresses, postal addresses, and dates of birth.

Chief Executive Stuart Machin acknowledged that the disruption may persist until July, as the company continues a phased recovery of its systems.

Company’s Financial Performance

Despite the setback, M&S reported adjusted pre-tax profits of £875.5 million for the year ending March 2025 — a 22.2% year-on-year increase.

The retailer had been enjoying renewed momentum across its food and clothing divisions prior to the attack, raising concerns about the long-term reputational and operational impact.

Cybersecurity Now a Board-Level Issue

The incident serves as a cautionary tale for all large corporations.

“The M&S cyber attack is a powerful reminder that no business is immune. Complex, globally connected systems are particularly vulnerable,” Cottrill said.

He stressed the importance of security-by-design principles, regular threat testing, and employee awareness training to reduce exposure to future attacks.

Customer Advice

M&S has not yet confirmed if customer payment data was accessed but is urging all users to reset passwords, monitor financial accounts, and remain vigilant.

The Information Commissioner’s Office (ICO) has been notified. A full forensic investigation is ongoing, with City of London Police and cybersecurity specialists involved.

What’s Next?

 
