Michelle ThompsonThe hack has erased over £500 million from Marks & Spencer’s market value over the last week.
Marks & Spencer has temporarily stopped delivering certain packaged food products to Ocado as it deals with the fallout from a cyber-attack that began a week ago.
The disruption, affecting a limited number of Ocado-listed items, comes after M&S suspended all orders through its own website and apps last Friday. Although M&S didn’t specify how many products were impacted, it stated it was working with Ocado and suppliers to reduce disruption to the small portion of its range handled through their joint network.
The ongoing cyber-attack has wiped more than £500 million from M&S’s stock market value over the past week. Experts believe the company has suffered a large-scale breach. M&S apologised for the disruption, noting that its online clothing and homeware sales – worth an average of £3.8 million per day – have been affected.
On Monday, M&S asked 200 agency staff at its Castle Donington distribution centre to stay home as M&S.com orders remained suspended for a fourth day, according to Sky News.
Customers can still browse the website and shop in stores using cash or card payments, although gift cards are currently not accepted. Clothing and homeware returns are being processed only at store tills or through the post, and food stores are not accepting returns.
M&S said no customer action is required, implying that customer data has not been compromised.
The company has brought in cybersecurity specialists to manage the investigation and reinforce its systems. It has restricted staff access through its virtual private network to limit the attack’s impact, according to the Sunday Times.
Clothing suppliers said they had not been told to pause deliveries but were concerned about the situation worsening if online orders remain frozen for another week.
One supplier noted that strong in-store sales and summer demand linked to warmer weather and upcoming weddings and school proms could be heavily affected if the problem continues into May.
The attack followed several days of technical issues in stores starting last Monday, impacting contactless payments and online order collections. Contactless payments resumed by Thursday evening.
A separate incident affecting contactless payments had already occurred during the busy Easter weekend. Customers continued to report difficulties collecting pre-attack online orders.
One shopper described travelling 18 miles to collect an order after receiving multiple emails, only to be turned away at the store. Others mentioned problems with processing returns.
M&S advised customers that orders placed after 23 April would be refunded and asked shoppers waiting to collect previous orders to wait for a confirmation email. The company admitted challenges particularly around party food and wedding cake orders, where some had to be cancelled.
Security specialists have urged customers to be alert for scams exploiting the incident.
Investec analyst Kate Calvert noted that the longer online sales remain suspended, the greater the negative impact on M&S’s profits. M&S, which reported strong Christmas sales in January, is scheduled to release its full-year results on 21 May.
