Marks & Spencer has relaunched its click and collect service following a cyber attack that disrupted its operations for four months. The supermarket ceased online orders and experienced disturbances in contactless payments in stores due to the attack that occurred over the Easter weekend in April. As a result, part of M&S’s IT system had to be temporarily shut down.
In June, M&S began gradually reopening online orders and has now confirmed the full restoration of its click and collect service, allowing customers to purchase items online and collect them in-store. Additionally, the company announced the restoration of its Sparks app functionality, enabling customers to utilize personalized discounts, birthday treats, and coffee stamps.
Customer data such as names, email addresses, addresses, and dates of birth were compromised in the cyber attack, although no card or payment details were accessed. M&S has advised customers to exercise caution if contacted by individuals claiming to represent the company and recommended changing passwords for those who have not logged into the Sparks app post-hack.
The cyber attack is projected to result in approximately £300 million in losses for the company. Prior to the attack, M&S reported a significant increase in annual profits, reaching £875.5 million, the highest in over 15 years, attributed to its successful turnaround initiatives. CEO Stuart Machin expressed optimism that operations would return to normal by August during the company’s annual general meeting.
Machin acknowledged the efforts of cybercrime investigators in addressing the incident and emphasized the importance of collaboration with law enforcement and business support in combating cyber threats. As a token of appreciation to its employees, M&S extended a 30% discount to 63,000 staff members and expanded a 10% discount to over 2,500 contractors and partners within its supply chain.
M&S’s proactive response to the cyber attack and its commitment to employee welfare reflect its determination to overcome challenges and ensure the security of its operations and customer data.