Marks & Spencer (M&S) is continuing to deal with the aftermath of the cyberattack it suffered in April, with several internal IT systems yet to fully recover.
The retailer’s buying and merchandising teams are still operating on faulty systems, even as customer-facing platforms have largely been restored. Earlier this week, M&S relaunched its click-and-collect service, signalling progress in bringing its online operations back on track.
The cyberattack, which took place over the Easter bank holiday weekend, caused in-store contactless payment systems to fail and forced M&S to halt online orders. The company also faced difficulties in keeping store shelves stocked in the immediate aftermath of what it described as a “highly sophisticated cyber incident.” It has since spent three months rebuilding its IT infrastructure.
M&S has estimated that the ransomware attack cost the business US $ 406 million in lost profits. The retailer is attempting to offset the impact through cost management, insurance, and other trading measures. While it resumed online recruitment last month, it is understood that a hiring freeze remains in place for certain functions.
Appearing before MPs last month, M&S chair Archie Norman described the cyberattack as “an out of body experience.” He said the retail business was accustomed to competition and operational challenges, but rarely had to face “a criminal actor in another country—or possibly in this one—seeking to stop customers shopping at M&S and essentially trying to destroy the business.”
