Hundreds of agency staff working for Marks and Spencer have been told to stay at home, with online orders still suspended after a cyberattack.
Problems were first reported on Easter Monday, and eight days on the business is still grappling with the fallout.
Around 200 people who had been due to come in for shift work at the retailers Castle Donington logistics centre for clothing and homewares were told not to come in today, Sky News reported, though staff employees were still expected at work.
The incident has seen shares at the company plummet, dropping a further 2.4% this morning with no positive update on the problem.
In thier latest official update to customers, on Friday, Marks said: ‘As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps. Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.
‘We informed customers on Tuesday that there was no need for them to take any action. That remains the case, and if the situation changes we will let them know.
‘Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping.
‘We are incredibly grateful to our customers, colleagues and partners for their understanding and support.’
The business has not revealed the nature of the ‘cyber incident’,
However, Nathaniel Jones, VP of Security & AI Strategy at cybersecurity firm Darktrace, said: ‘M&S taking systems offline suggests this is likely a ransomware related event.
‘It demonstrates how quickly cyber incidents can cripple retail operations across both digital and physical channels and the suspension of online orders shows the cascading impact these attacks can have on revenue streams.
‘Retailers are increasingly targeted because they combine valuable customer data with complex, interconnected systems.
‘M&S should be in good hands with support from both NCSC and NCA. Their quick action to isolate affected systems shows appropriate crisis management, but this incident highlights why cybersecurity must be a fundamental business priority, not just an IT concern.’
More to follow.
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
MORE: Are you getting old or is M&S suddenly cool? The truth revealed
MORE: Cyber attack forces M&S to stop taking orders online sending shares plummeting
MORE: M&S ‘cyber incident’ still impacting contactless payments and collections
