Hundreds of agency staff working for Marks and Spencer have been told to stay at home, with online orders still suspended after a cyberattack.
Problems were first reported on Easter Monday, and eight days on the business is still grappling with the fallout.
Around 200 people who had been due to come in for shift work at the retailers Castle Donington logistics centre for clothing and homewares were told not to come in today, Sky News reported, though staff employees were still expected at work.
The incident has seen shares at the company plummet, dropping a further 2.4% this morning with no positive update on the problem.
Each post shared to the official Instagram account is now flooded with comments on the ongoing disruption, with one mum writing that her daughter, who works for the business, ‘has returned home in tears due to the abuse by a handful of customers’.
Responding to another woman asking what had happened to her order, a customer service rep warned that ‘any orders placed after Wednesday April 23 – for home delivery or Click & Collect – will not be processed and customers will receive a full refund’.
In thier latest official update to customers, on Friday, Marks said: ‘As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps. Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.
‘We informed customers on Tuesday that there was no need for them to take any action. That remains the case, and if the situation changes we will let them know.
‘Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping.
‘We are incredibly grateful to our customers, colleagues and partners for their understanding and support.’
The business has not revealed the nature of the ‘cyber incident’,
However, Nathaniel Jones, VP of Security & AI Strategy at cybersecurity firm Darktrace, said: ‘M&S taking systems offline suggests this is likely a ransomware related event.
‘It demonstrates how quickly cyber incidents can cripple retail operations across both digital and physical channels and the suspension of online orders shows the cascading impact these attacks can have on revenue streams.
‘Retailers are increasingly targeted because they combine valuable customer data with complex, interconnected systems.
‘M&S should be in good hands with support from both NCSC and NCA. Their quick action to isolate affected systems shows appropriate crisis management, but this incident highlights why cybersecurity must be a fundamental business priority, not just an IT concern.’
Problems began a week ago, when shoppers were unable to use contactless payment including Apple Pay in stores.
While this was eventually fixed, the company then suspended online orders, with no date given for when they are expected to be running again.
Marks and Spencer has reported the problems to the National Cyber Security Centre and hired cybersecurity experts to investigate further.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.
