M&S shoppers are facing empty shelves as the retailer struggles to manage the ongoing fallout from a huge cyber attack.

This comes after the retailer's announcement last Friday confirming the suspension of all online orders, leaving customers unable to make purchases through its website.

Since then, shoppers have reported coming across "completely empty" shelves in M&S food halls.

Staple items including bananas, fish, and the iconic Colin the Caterpillar cakes have even become hard to find in some sites.

At one store, signs were seen posted on hot food counters stating they were "temporarily closed".

The notice read: "Due to technical issues, we aren’t able to offer these products at the moment."

When questioned, staff suggested that the supply disruptions were connected to a cyber attack.

An M&S spokesperson said: "As part of our proactive management of the incident, we took a decision to take some of our systems temporarily offline.

"As a result, we currently have pockets of limited availability in some stores.

"We are working hard to get availability back to normal across the estate."

M&S has not yet confirmed the nature of the cyber breach.

But it has been reported that the attack was due to the company being "held to ransom by a criminal gang".

Timeline of cyber attack

  • Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
  • Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts.
  • Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management".
  • Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
  • Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
  • Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price.
  • Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
  • Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.

Shares in M&S continued to slide on Monday morning as the retailer grappled with the ongoing fallout from a major cyber breach.

Since the incident began, over £700million has been wiped off the company's stock market valuation.

Last week, M&S issued an apology to customers after the breach disrupted orders and payments.

Shoppers faced significant issues, including being unable to collect orders in-store, tills being shut down, and refunds temporarily unavailable.

On Friday, the retailer confirmed it had suspended orders on its website and app for a fourth consecutive day due to the disruption.

The impact has also extended to its workforce, with M&S instructing approximately 200 agency workers at its Castle Donington distribution centre in the East Midlands to remain at home.

The facility handles clothing and homewares logistics, and operations have been heavily affected by the breach.

In a sign of progress, contactless payments in stores have now been restored after being initially disrupted by the cyber issue.

M&S has reported the incident to the National Cyber Security Centre and data protection supervisory authorities, as investigations into the breach continue.

Susannah Streeter, head of money and markets at Hargreaves Lansdown, said the pause on online orders will be "hugely damaging for sales".

"Fashion sales are likely to take a big hit particularly as the attack has come during the spell of warm weather when summer ranges would ordinarily be piling up in virtual baskets," she added.

"While other retailers have not been immune to IT breaches, the depth of Marks and Spencer's problems in resolving the issue are worrying, and it may take some time to win back some more warier shoppers."

What is a cyber attack?

A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices.

These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption.

Cyber attacks can take many forms, employing various techniques to achieve their malicious goals.

Common types of cyber attacks include:

  • Malware: Malicious software designed to damage or gain control of a system. Examples include viruses, worms, ransomware, and spyware.
  • Phishing: Deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords, or credit card details, often through fake emails or websites.
  • Denial-of-Service (DoS) Attacks: Flooding a network or server with traffic to overwhelm its resources and make it unavailable to legitimate users.
  • SQL Injection: Exploiting vulnerabilities in website databases to gain unauthorised access to data.
  • Ransomware: Malware that encrypts a victim's data and demands a ransom for its release.
  • Social Engineering: Manipulating individuals into performing actions or divulging confidential information.