Marks & Spencer has reopened its website for online orders six weeks after a cyber-attack, which forced a halt to online shopping and is estimated to cost the retailer up to £300m in profits. Some personal customer data was also compromised.
M&S website resumes online orders six weeks after cyber-attack
Marks & SpencerRetail industryBusinessCybercrimeTechnologyUK
AI Summary
TL;DR: Key points with love ❤️Marks & Spencer has reopened its website for online orders six weeks after a cyber-attack, which forced a halt to online shopping and is estimated to cost the retailer up to £300m in profits. Some personal customer data was also compromised.
Trending- 1 Easter weekend (late March/early April 2025): Cyber-attack on M&S systems.
- 2 Days after Easter weekend: Cyber-attacks reported by Co-op and Harrods.
- 3 Six weeks after Easter weekend (June 10, 2025): M&S website resumes online orders.
- 4 June 10, 2025: Article published.
- 5 Coming weeks: Deliveries to Northern Ireland, click and collect, next-day delivery, nominated-day delivery, and international ordering to resume.
- 6 Until July (2025): Disruption to website could last.
- Estimated £25m weekly loss in sales
- Up to £300m profit loss (partially offset by insurance)
- Disruption to in-store stock
- Compromise of customer personal information
- Forced investment in IT systems
- Reputational damage
What: Marks & Spencer's website has resumed online orders after a six-week halt due to a cyber-attack.
When: Published June 10, 2025; six weeks after (Easter weekend); Easter weekend (cyber-attack occurred); July (disruption could last until).
Where: UK (England, Scotland, Wales, Northern Ireland for deliveries).
Why: Cyber-attack by 'threat actors' (thought to be Scattered Spider) forced the retailer to halt online operations.
How: M&S reopened its website for standard delivery, with other services to follow. The company is bringing forward IT system investments to recover.