M&S website goes down a day after it warned of cyber attack disruption until July

Posted by. Posted onMay 22, 2025 Comments0
Mandatory Credit: Photo by Thomas Fuller/SOPA Images/Shutterstock (15313931b) In this photo illustration, the Marks and Spencer (M&S) logo is seen displayed on a smartphone screen. Photo illustration in Canada - 21 May 2025
It’s unclear what’s behind the current outage on the M&S website (Picture: Shutterstock)

Marks & Spencer’s website has gone down a day after warning the impact of a major cyber attack will last months.

Visitors to the M&S website were greeted with the message: ‘Sorry, you can’t browse the site currently. We’re making some updates and will be back soon.’

The BBC has reported that the site may be undergoing routine maintenance – but questions have been raised whether it is connected to last month’s hack.

M&S halted orders on its website and stores had empty shelves after being targeted by hackers around the Easter weekend.

They accessed customer personal data, which could have included names, email addresses, postal addresses and dates of birth.

The retail giant said on Wednesday that ‘human error’ caused the attack, which will cost the firm around £300 million, and chief executive Stuart Machin confirmed disruption could last until July.

epa12122867 A Marks and Spencer store in London, Britain, 21 May 2025. Retailer Marks and Spencer (M&S) has warned investors that last month???s ransomware attack is expected to cost the company 300 million British pounds (approximately 380 million US dollars) in trading profits. EPA/NEIL HALL
The high street giant was hit by the cyber attack over the Easter weekend (Picture: EPA)

Despite the issues, M&S reported a higher-than-expected adjusted pre-tax profit of £875.5 million for the year to March, up 22.2% from 2024.

Joe Jones, CEO of the cybersecurity attack simulation company Pistachio, previously explained to Metro that while the upmarket retailer seems like a rogue choice for hackers to go for, it makes a lot of sense.

‘M&S is a household name with a vast and loyal customer base, which makes it a high-value target for cybercriminals,’ he told Metro.

‘Large retailers hold enormous amounts of personal data, everything from names and addresses to detailed purchase histories. That kind of data is gold dust for attackers running social engineering scams or looking to sell verified profiles on the dark web.’

M&S, like many retailers, isn’t just a brick-and-mortar store. It’s websites, mobile apps, marketing emails and delivery services that amount to more ‘digital touchpoints that can be exploited’.

‘It’s not necessarily that M&S was uniquely vulnerable; rather, it’s a classic case of “big brand, big data, big target”,’ he added.

None of the victims of the breach has revealed the details of how crooks jimmied open their systems. The National Cyber Security Centre said that officials aren’t sure if the attacks are linked.

Get in touch with our news team by emailing us at webnews@metro.co.uk.

For more stories like this, check our news page.

Category

Leave a Comment