London, May 23 — Marks & Spencer’s (M&S) website is back online after a temporary outage on Wednesday evening, following weeks of disruption caused by a major cyber-attack that has impacted the British retailer’s digital operations and is expected to cost the company around £300 million in annual profits.
The site became accessible for browsing again shortly after 07:00 BST on Thursday, the company confirmed, after overnight updates were implemented. On Wednesday evening, users attempting to access the site were met with a message stating: “Sorry you can’t browse the site currently. We’re making some updates and will be back soon.”
The return of browsing capabilities marks a partial recovery in what has been a prolonged digital outage for M&S. The retailer suspended all online orders in the wake of a cyber-attack over the Easter weekend that initially affected click-and-collect services and contactless payments.
In a statement on Thursday morning, M&S said: “Our website is open for browsing. As we work to get things back to normal for our customers we are doing some overnight updates.” The company warned, however, that full online functionality will not be restored until July, with a gradual return to normal operations expected over the coming weeks.
M&S chief executive Stuart Machin described the incident as a “highly sophisticated and targeted cyber-attack.” While some of the financial losses will be mitigated through insurance coverage, the projected £300 million impact on annual profits exceeds analyst expectations.
The breach also compromised some personal customer data, including telephone numbers, home addresses, dates of birth, and online order histories. The company assured customers that no usable payment or card data, nor account passwords, were accessed during the breach.
Law enforcement agencies are investigating a hacker group known as Scattered Spider, believed to be responsible for the attack. The same group is suspected of launching similar operations against UK retailers Harrods and Co-op, but the damage to M&S is believed to be the most extensive.
The incident marks a significant cybersecurity challenge for one of the UK’s largest and most iconic retailers, underscoring growing concerns over the vulnerability of major retail infrastructure to cyber threats.
