Marks & Spencer’s website remains offline as the retail giant continues its recovery from a devastating cyber attack that struck around the Easter weekend, exposing customer data and halting online operations.
Visitors to the site are currently met with a maintenance message:
“Sorry you can’t browse the site currently. We’re making some updates and will be back soon.”
The retailer had been enjoying renewed momentum across its food and clothing divisions prior to the attack, raising concerns about the long-term reputational and operational impact.
Cybersecurity Now a Board-Level Issue
The incident serves as a cautionary tale for all large corporations.
“The M&S cyber attack is a powerful reminder that no business is immune. Complex, globally connected systems are particularly vulnerable,” Cottrill said.
He stressed the importance of security-by-design principles, regular threat testing, and employee awareness training to reduce exposure to future attacks.
Customer Advice
M&S has not yet confirmed if customer payment data was accessed but is urging all users to reset passwords, monitor financial accounts, and remain vigilant.
The Information Commissioner’s Office (ICO) has been notified. A full forensic investigation is ongoing, with City of London Police and cybersecurity specialists involved.
What’s Next?
- Full website functionality is not expected to resume until mid-summer.
- M&S stores remain open, but some stock levels have been affected.
- Customers are advised to follow M&S updates via social media or the M&S app, which remains partially operational.
