M&S announces return of online orders

Marks & Spencer (M&S) has announced that its online services will resume this week following last month's cyberattack.

Shoppers have not been able to place orders on the M&S website or app since 25 April, and it had been unclear when online orders would resume.

Shares in M&S (LON:MKS) fell 9.7% in those six weeks. M&S’ annual results published last month projected a £300 million hit to its profits in the 2025/26 financial year as a result of the attack.

Subscribe to MoneyWeek

Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE

Get 6 issues free

Sign up to Money Morning

Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter

Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter

Sign up

“We are bringing back online shopping this week,” said M&S managing director, fashion home & beauty John Lyttle in a statement. “A selection of our best-selling fashion ranges will be available for home delivery to England, Scotland and Wales.

“More of our fashion, home and beauty products will be added every day and we will resume deliveries to Northern Ireland and Click and Collect in the coming weeks.”

M&S shares have gained 3.7% this morning, as the announcement is ahead of the previous timeframe that management had expected to resume online orders. The company had previously suggested the resumption of online orders may not happen until July.

M&S's problems began over the Easter weekend, with customers unable to use contactless payments, gift cards or scan their M&S Sparks loyalty card. The company confirmed it was dealing with a "cyber incident" and although those services have resumed, on 25 April, it stopped taking online orders.

The high-street giant later revealed that some customer data, including contact details and dates of birth, was also stolen during the hack.

M&S said the personal information taken could include online order histories, but no usable payment or card details, or account passwords, were stolen.

Martyn James, a consumer expert, said the disruption showed “just how dangerous cyberattacks can be”, and that the empty shelves and suspension of online orders would be hugely damaging to M&S’s profits.

Bank of America estimated that M&S was losing £40 million in sales every week since the attack knocked out its online orders.

With online orders to resume soon, is it still worth investing in M&S?

When will M&S start taking online orders again?

Online orders are due to resume this week, though the wording of the statement suggests that its full range won’t be immediately available.

Online orders had been suspended since 25 April. On 2 May, M&S put out a note on its social media channels saying it was “working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible”.

On 21 May, Stuart Machin, chief executive of M&S, said about the cyberattack: “It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business.

“There is no change to our strategy and our longer-term plans to reshape M&S for growth and, if anything, the incident allows us to accelerate the pace of change as we draw a line and move on.”

In addition, Sparks offers have been suspended; M&S says “they will be back shortly and shared in the normal way”.

What customer data has been taken and what should I do?

M&S has written to all customers that it has email addresses for, informing them that some personal data has been taken.

This could include their name, date of birth, telephone number, home address, household information, email address and online order history.

M&S said in an update on 13 May: “Importantly, there is no evidence that this data has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.”

However, it added that for “extra peace of mind”, customers will be prompted to reset their password the next time they visit or log onto their M&S.com account on the website or app.

Jayne Wall, operations director at M&S, said in an email to customers: “You might receive emails, calls or texts claiming to be from M&S when they are not, so do be cautious.

“Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password.”

‘I’ve been impacted by the M&S problems. What are my rights?’

M&S says customers should get in touch with customer service if they have a query or complaint. The customer service number is 0333 014 8555, or you can visit the help and support webpage.

You can also send a message to M&S’s X account.

The retailer has given out gift cards to some customers affected by cancelled orders, for example where celebration cakes were cancelled at the last minute. So, it may be possible to get compensation or a goodwill gesture depending on how the cyberattack has impacted you.

Martyn James says: “When it comes to cyberhacks or a business that can't operate as per normal, you have two types of loss: direct loss (you paid for something but it never turned up), and consequential loss (you bought a gift that wasn't delivered on time so a birthday was ruined).

“Direct losses should always be refunded. Consequential loss is complicated. So, if your gift card expired because you couldn't use it, that's a 'direct' loss and you should get the money.

“But if your mum didn't get her birthday present on time then it's annoying but it's harder to quantify. You can ask for a 'gesture of goodwill' to reflect the spoiled event, but don't get too excited.”

How does the cyberattack affect M&S shareholders?

The cyberattack made a big dent in M&S’ share price. Between 23 April and their trough on 13 May, the shares fell 14.9%.

However, they have since staged a steady recovery as the business has responded to the attack’s impacts. The timely resumption of online orders appears to have boosted optimism around M&S still further.

The upshot is that, at time of writing, M&S shares are down just 0.8% through the year to date.

It will need to continue to implement a robust recovery plan in order to fully reassure the market. “The clock is ticking, and not only will M&S need to reassure investors that corrective actions have been taken, but also that they will have a stronger line of defence to prevent [another cyberattack] happening again,” Richard Hunter, head of markets at Interactive Investor, told MoneyWeek.

“While [the cyberattack is] frustrating for investors, the bigger picture needs to be kept in mind,” said Aarin Chiekrie, equity analyst at Hargreaves Lansdown. “The cyberattack is likely a one-off event, and the underlying business is performing well. M&S is gaining market share, improving profitability, and the balance sheet is in great shape.

“The ongoing negative headlines have caused the valuation to fall in recent weeks, and it now sits in line with peers, which doesn’t look too demanding given the above-average growth in food. This could mark an attractive entry point for investors willing to ride out some turbulence in the near term,” added Chiekrie.

Hunter adds that there is plenty to be cheerful about with the retailer: “M&S has come strongly back into fashion with investors and customers alike, and its transformation builds on what was already its jewel in the crown, namely its food business.

"Further tweaks to its store rotation programme, more investment into smaller ranges such as home and beauty, while targeting an improvement to its online offering and a reset of its international business have all been signs of a business which has not been resting on its laurels.”

Who was responsible for the M&S cyberattack?

On 6 June, the BBC reported that M&S CEO Stuart Machin was sent a ransom note directly from the hacker group DragonForce, using an employee email account.

Using graphic and violent language, the note informed Machin that M&S’ servers had been encrypted and invited him to visit the group’s darknet website, saying “the dragon wants to speak to you”.

The attack was a ‘ransomware’ attack, a type of malicious software used to scramble data or files after gaining access to a business's computer systems. Hackers often threaten to leak or sell the data to pressure a company to pay a ransom.

DragonForce has also claimed to be behind an attack on the Co-Op (where it says it stole huge amounts of customer and employee data) and an attempted hack of Harrods.