Marks and Spencer, the popular British multinational retailer, declared that its online services will remain disrupted until July, due to last month’s cyber-attack on them.
Customers haven’t been able to shop online for nearly a month, as the brand is struggling to recover from the incident.
"We expect online disruption to continue throughout June and into July as we restart, then ramp up operations," an M&S representative said.
Estimates say that M&S will face severe financial damage of £300 million this year. This loss equivalent to a third of its profit, could not be covered by any insurance.
The cyber-attack took place during the Easter weekend, disturbing the click-and-collect and contactless payments first. The executive team did find “suspicious activity” during that weekend. Couple of days later, M&S had to upload a banner on their website apologising for the unavailability of online ordering option.
The police are investigating the incident with their focus on a notorious group of English-speaking hackers, called as Scattered Spider. This group is also assumed to be behind the attacks on Co-op and Harrods. However, M&S suffered the biggest lost due to this.
The brand could respond quickly and act on time, as a result of the cyberattack simulation they did last year. It prepared the brand to face the unexpected, efficiently.
This attack was not a mere manipulation of technological loopholes. The hackers utilised social engineering techniques, by relying on human error to breach the brand’s security. They gained a “third party” access through a company that worked alongside Marks and Spencer.
"We took our online system down ourselves to protect the website and customers" said M&S chief executive Stuart Machin.
Lisa Forte, a cyber-security expert from Red Goat also said that, there are high chances for the retailers to pay huge sum of money to the hackers. Otherwise, the hackers make sure they pay the next time, by leaking or selling data. In that scenario, M&S dealt the issue well, by reaching out to the public quickly, she added.
M&S has been using a turnaround strategy since 2022, which updates in-store ranges and the chain’s property portfolio, with digital technology and back-office systems. These strict policies contributed to their financial growth.
The strategy brought a 22% spike in profit before tax and other costs to £875 million. Their sales also grew by 6.1% to £13.9 billion, with leading food sales.
The M&S team believes that the attack has led to new and innovative ways of working for them.
The pause in online shopping will cost the brand, especially in the areas of fashion, home and beauty. Insurance is expected to cover only a third of their loss. Usage of manual processes that produced additional waste and logistic cost, also added to the expenses. The brand will have to overcome the obstacles of data loss, litigation and future-proofing of the business from further attacks as well.
"This incident is a bump in the road, and we will come out of this in better shape, and continue our plan to reshape M&S for customers, colleagues and shareholders," said Mr Machin.
