Technology reporter & cyber correspondent

Marks and Spencer (M&S) customers have been telling the BBC of their frustration as disruption caused by the cyber attack which has hit the retailer continues into another trading week.
The incident – which it disclosed last Monday – has caused delayed parcels, paused online orders and suspended gift card payments, and has seen the retailer take down several parts of its operations over the last few days.
It has yet to disclose the nature of the cyber attack or when it expects operations to return to normal. Some customers told the BBC that M&S’ communication over affected orders has been “disappointing”.
Analysts warn the incident may affect the reputation of the retailer among its customers.
Dan Coatsworth, investment analyst at AJ Bell, said M&S’s success was “built on trust” – and this was something customers may question after it suspended online orders.
“The longer it takes to draw a line under the cyber incident, the greater the risk to Marks & Spencer’s reputation,” he told the BBC.
“Shoppers want to know that their personal and financial details are safe when buying goods online and Marks & Spencer failing to give the all-clear implies that something is very wrong at its end.”
Customer impact
Customers have described problems at tills, self-checkout and online orders in messages sent to BBC News.
Others say they have had to cancel orders for clothes which they were expecting to collect before going on holiday, or have been unable to return goods they had previously bought.
But some have expressed sympathy for the staff at the stores, who they say have been on the receiving end of abuse from angry customers, or have had to deal with shopping abandoned at the tills when customers were unable to pay while contactless payments were down.
Gift cards and vouchers are still not working, according to a number of customers.
For some, the issues have also impacted deliveries of gifts such as flowers.
Linda Sonntag, who lives in Norwich, told the BBC she was left “disappointed” after a flower delivery arranged for a friend never arrived.
While she had been refunded for a separate clothing order, on Monday she said she was still awaiting a refund and email with information about her order.
“In the meantime I’ve had to order flowers from somewhere else,” she said.
“I don’t blame them, they’ve had a cyber attack,” Ms Sonntag added.
“But I don’t think their attitude towards their customers is very helpful.”
Dawn Cunnington, of Exeter, agreed the company was not to blame, but said she had no communication from M&S about her own flower order not being fulfilled.
She had ordered flowers on Wednesday, on behalf of her 91-year-old mother, for her mother’s friend, who was celebrating their 90th birthday.
“I’d had nothing from them until I phoned up,” she told the BBC.
Ms Cunnington said she received a refund and a £10 apology voucher after calling M&S to find out what happened to the flowers, but was “a bit cross” they had allowed her to place the order in the first place, given it was aware of the cyber incident.
‘Cat and mouse’
M&S remains silent on how the cyber attack unfolded, the nature of the attack and how specifically it has been affected by it – leaving cyber security experts to speculate as to what might have happened.
It is known to have hired external cyber security experts, who are likely to be a team of incident response specialists working around the clock, either at the company’s headquarters or remotely.
Their first priority is likely to be to find out where the hackers are in the IT system and kick them out.
Switching off computer servers used in its online ordering, payment or logistics systems might imply that security teams have isolated that portion as a route by which the hackers gained entry.
They might also have taken these offline to stop the hackers from spreading their malicious software into those previously unaffected areas.
It might also be the case that the company is taking all non-business critical services offline to help deal with the hack.
“In situations like this, in-store services are typically prioritised for recovery, which can mean online operations take slightly longer to restore,” said Sam Kirkman, a director at cyber-security firm NetSPI.
He told the BBC that while M&S taking steps like pausing services may make the incident seem “even more serious from the outside,” they would allow staff to contain any potential threats and begin recovery safely.
Shares and sales
Meanwhile the company’s share price has fallen almost 10% over the past week.
The retailer’s shares fell by 2.5% in morning trading on Monday, as the week began with no update for customers or investors about its decision to pause online orders on Friday.
About a third of M&S’s clothing and household goods sales in the UK are through its online platforms and were worth some £1.268bn in its latest published financial results.
Susannah Streeter, head of money and markets at Hargreaves Lansdown, said even though M&S’s physical stores were still open, many of them “simply don’t stock the popular ranges from online”.
She added clothes sales were “likely to take a big hit” as the cyber-attack had occurred during a spell of warm weather when summer ranges would be “piling up in virtual baskets”.
Additional reporting by Michael Race