M&S website down following disruptions after cyber attack

The Marks & Spencer website is down, leaving users unable to browse, as the retailer continues to deal with the aftermath of a cyber-attack last month.

Customers have been unable to make online orders for weeks but on Wednesday evening users were met with a screen reading: “Sorry you can’t browse the site currently. We’re making some updates and will be back soon.”

M&S has been contacted for comment.

Earlier in the day, the retailer said it estimates that the cyber-attack will hit this year’s profits by around £300m. It added that its online services would continue to be disrupted until July, with a gradual return to normal.

Following the cyber attack, M&S said some personal customer data was stolen in the recent cyber attack, which could include telephone numbers, home addresses and dates of birth.

The High Street giant assured customers that the data theft did not include useable payment or card details, or any account passwords, but added that online order histories could be included in the personal data stolen.

The attack took place over the Easter weekend, initially affecting click-and-collect and contactless payments. A few days later M&S put a banner on its website apologising that online ordering was not available.

M&S estimates that the cyber attack will hit this year’s profits by around £300m – more than analysts had expected and the equivalent to a third of its profit – a sum that would only partly be covered by any insurance pay-out.

“Over the last few weeks, we have been managing a highly sophisticated and targeted cyber-attack, which has led to a limited period of disruption,” said M&S chief executive Stuart Machin.

Police are focusing on a notorious group of English-speaking hackers, known as Scattered Spider, the BBC has learned.

The same group is believed to have been behind attacks on the Co-op and Harrods, but it was M&S that suffered the biggest impact.