

Marks and Spencer (M&S) has finally resumed click-and-collect services months after being hit by a major cyber attack.
The company halted online ordering for clothing and home deliveries on its website and mobile app on 25 April; contactless payments and click-and-collect also stopped working in stores at the same time.
The high street retailer started phasing online orders for delivery back in during early June, but click-and-collect remained unavailable until now.
A new update on the company’s website reads: “Click & Collect is now available for fashion, home and beauty online orders.”
The ‘cyber incident’ has proven costly for M&S, with the attack predicted to cut the company’s profits by as much as £300 million this year – although it’s hoping to recoup some of this through insurance.
Speaking to a business and trade select committee last month, M&S chair Archie Norman described the incident as ‘traumatic’.
“For a week probably, the cyber team had no sleep, or three hours a night,” he said. “We’re still in the rebuild mode and will be for some time to come.”
The attack is believed to have been carried out using the DragonForce ransomware-as-a-service operation, most likely by an affiliate linked to Scattered Spider.
DragonForce, first observed in 2023, is also thought to be behind recent attacks on a number of other retailers, including Co-op and Harrods. Between January and March this year, it posted 58 victims on its leak site.
Last month, four people were arrested as part of a National Crime Agency (NCA) investigation into the attacks targeting M&S, Co-op, and Harrods.
“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the agency’s highest priorities,” said Paul Foster, head of the NCA’s National Cyber Crime Unit.
“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.”
New guidance issued in wake of M&S attack
In May, the incidents prompted the National Cyber Security Centre (NCSC) to issue guidance on how organizations should tighten up their security practices.
The M&S hack is believed to have begun with a social engineering attack in which the attackers impersonated employees to IT help desks (and, in some cases, impersonated the help desk itself).
To reduce the risk, the NCSC said companies should review their password reset policies, and in particular how IT help desks verify the identity of a worker who asks for a reset, since a caller-supplied name and employee number is exactly what an attacker will have.
The guidance singles out accounts with escalated privileges, such as Domain Admin, Enterprise Admin and Cloud Admin accounts, for extra caution, and says organisations should make sure multi-factor authentication (MFA) is in use across the board.
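The two controls the NCSC guidance points at, stronger identity checks before a help-desk reset and extra scrutiny for privileged accounts, can be expressed as a policy check the help desk tooling runs before a reset is allowed, paired with a detection that catches the pattern after the fact (a help-desk reset followed quickly by a new MFA method being enrolled, which is how an attacker locks the real user out). The following is an added example written for this article, not code from M&S, the NCSC or any vendor; the group names, event names, usernames and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, List, Optional

# Hypothetical privileged groups; substitute the ones your directory actually uses.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Cloud Admins"}


@dataclass
class ResetRequest:
    username: str
    groups: FrozenSet[str]
    channel: str                    # "phone", "chat" or "in_person"
    callback_verified: bool         # agent called back the number on file, not the caller's number
    mfa_push_confirmed: bool        # user approved a push on an MFA device enrolled before the call
    second_approver: Optional[str]  # manager or peer who approved, None if nobody did


def evaluate_reset(req: ResetRequest) -> List[str]:
    """Return the reasons a reset must be refused; an empty list means it may proceed."""
    reasons = []
    # Baseline for every account: never reset on caller-supplied details alone.
    out_of_band = req.callback_verified or req.mfa_push_confirmed or req.channel == "in_person"
    if not out_of_band:
        reasons.append("caller not verified out of band")
    if req.groups & PRIVILEGED_GROUPS:
        # A callback alone is not enough for admins: a SIM swap or call forwarding
        # defeats it. Require an existing MFA factor or physical presence, plus a
        # second person who is not the requester.
        if not (req.mfa_push_confirmed or req.channel == "in_person"):
            reasons.append("privileged account: needs existing MFA factor or in-person identity check")
        if not req.second_approver or req.second_approver == req.username:
            reasons.append("privileged account: needs independent second approver")
    return reasons


@dataclass
class AuditEvent:
    ts: datetime
    event: str    # "password_reset_by_helpdesk" or "mfa_method_added" (hypothetical event names)
    target: str   # account the event applies to
    actor: str    # who performed it


# Constructed sample audit trail, not real M&S data.
ACCOUNT_GROUPS = {
    "admin.jsmith": frozenset({"Domain Admins"}),
    "k.patel": frozenset({"Staff"}),
}
SAMPLE_EVENTS = [
    AuditEvent(datetime(2025, 4, 20, 9, 2), "password_reset_by_helpdesk", "admin.jsmith", "helpdesk.agent7"),
    AuditEvent(datetime(2025, 4, 20, 9, 15), "mfa_method_added", "admin.jsmith", "admin.jsmith"),
    AuditEvent(datetime(2025, 4, 20, 10, 0), "password_reset_by_helpdesk", "k.patel", "helpdesk.agent2"),
    AuditEvent(datetime(2025, 4, 21, 8, 0), "mfa_method_added", "k.patel", "k.patel"),  # next day, outside window
]


def find_suspicious_resets(events: List[AuditEvent], window: timedelta = timedelta(hours=1)) -> List[dict]:
    """Flag help-desk resets followed by a new MFA method on the same account within `window`.

    The privileged flag lets the SOC triage admin accounts first.
    """
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for i, reset in enumerate(events):
        if reset.event != "password_reset_by_helpdesk":
            continue
        for later in events[i + 1:]:
            if later.ts - reset.ts > window:
                break  # events are sorted, nothing further can be inside the window
            if later.event == "mfa_method_added" and later.target == reset.target:
                alerts.append({
                    "target": reset.target,
                    "reset_by": reset.actor,
                    "mfa_added_at": later.ts,
                    "privileged": bool(ACCOUNT_GROUPS.get(reset.target, frozenset()) & PRIVILEGED_GROUPS),
                })
                break
    return alerts


if __name__ == "__main__":
    phone_admin = ResetRequest("admin.jsmith", frozenset({"Domain Admins"}), "phone", True, False, None)
    print("admin reset over phone with callback only:", evaluate_reset(phone_admin))
    for alert in find_suspicious_resets(SAMPLE_EVENTS):
        print("ALERT", alert)
```

The policy function deliberately treats a successful callback as sufficient for an ordinary account but not for a privileged one, which is the distinction the guidance draws; the detection is the backstop for the case where an agent is talked past the policy anyway, and the one-hour window is a tuning knob rather than a magic number.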