Britain’s M&S Enters 2nd Week of Sales Disruption After Cyberattack

Britain’s Marks & Spencer entered a second week unable to take online clothing and home orders on Friday following a major cyberattack, hitting sales of new season ranges as the country basks in record temperatures.

Some 700 million pounds ($930 million) has been wiped off the stock market value of M&S since the hack was revealed last week, and news that retailers Co-op Group and London department store Harrods had faced smaller incidents in recent days was described as a “wake up call” by the government’s National Cyber Security Centre (NCSC).

British companies, public bodies and institutions have been hit by a wave of cyberattacks in recent years, costing them tens of millions of pounds and often months of disruption.

The 141-year-old M&S, one of the best known names in British business, stopped taking clothing and home orders through its website and app on April 25 following problems with contactless pay and click and collect services over the Easter holiday weekend.

On Friday, Chief Executive Stuart Machin again apologized to M&S shoppers, without saying when online ordering would resume.

“We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible,” he said in an e-mail sent to M&S customers.

With M&S, which has about 1,000 stores across Britain, making around one-third of its clothing and home sales online, analysts have said a short-term profit hit is inevitable.

M&S has declined to quantify the financial impact so far.

One of the most worrying aspects of the attack for M&S, say analysts, is how long it will drag on for.

Customers were locked out of their accounts for almost three months last year after a cyberattack at London transport operator TfL, while a cyberattack on a blood test processing company in London also last year disrupted services for over three months.

Availability of some food products has also been affected in some stores, while the disruption may be having a broader impact on the running of M&S, which has pulled job postings on its website.

Shares in M&S were down 2% on Friday, extending losses since Easter to about 9%.

‘Increasingly Sophisticated’ Attacks

Helen Dickinson, CEO of trade body the British Retail Consortium, said cyberattacks were becoming “increasingly sophisticated,” forcing retailers to spend hundreds of millions of pounds every year on defenses.

“All retailers are continually reviewing their systems to ensure they are as secure as possible,” she said.

The NCSC is working with the affected retailers, while the Metropolitan Police’s Cyber Crime Unit and the National Crime Agency (NCA) are investigating the M&S attack.

“These incidents should act as a wake-up call to all organizations,” said NCSC CEO Richard Horne.

“I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

Labour lawmaker Matt Western, Chair of parliament’s Joint Committee on the National Security Strategy, said the government should do more to prevent major cyberattacks.

“As the Government concludes its consultation on proposals to counter ransomware, I hope its response treats these threats with the seriousness they clearly deserve.”

($1 = 0.7524 pounds)

(Reporting by James Davey and Sarah Young, editing by Kate Holton and Elaine Hardcastle)

Related: