The cyber-attack at Marks & Spencer is continuing to cause chaos for shoppers, with no clarity yet as to when the retailer’s systems will be fully back up and running.
Website orders remain on hold for the fourth day in a row, and those affected also include customers waiting to collect orders or wanting to spend or buy M&S gift cards, as well as users of the retailer’s Sparks customer reward scheme.
What happened, and when will it be sorted out?
The “cyber incident” began a week ago and has affected stores as well as its online business. Last Friday the company halted all orders through its website and apps.
By Monday evening this “pause” in taking orders – which also applies to people who try to buy over the phone – was ongoing. M&S said it was “working very hard to get operations back online”, but was unable to give any timeframes for when the problems would be fixed.
The retailer’s stores are still open and operating, and shoppers can still browse its website and app. Contactless payments are also back online in stores after they were affected by the cyber issue last week.
What’s the situation with existing orders?
On its Facebook page, M&S has been telling customers that orders placed after last Wednesday (23 April) would be cancelled and refunded. It added that customers should receive an email to confirm this over the next few days, if they haven’t already.
If you are expecting to pick up a Click & Collect order over the next few days for an order placed before that date, M&S says you should wait for your “ready to collect” notification email before coming into the store to get the item.
However, some customers have posted messages in which they suggested they had been unable to pick up their orders, leading to “wasted journeys”.
Click & Collect is predominantly clothing and homeware. It appears the situation is slightly different for those who have ordered food items such as sandwich platters and party food. Some customers have been told that food orders have been arriving as normal, but the retailer has been unable to send “ready to collect” emails. It added: “If there are any issues, we’ll notify you by email, otherwise the food will be there for you as expected.”
What about returns?
On Monday, M&S told customers they could return items via a staffed till point in any of its Clothing & Home stores, and a member of staff would be able to issue the refund. Alternatively, you can amend your return method to post.
The retailer is not currently accepting returns at its M&S Simply Food locations.
Are M&S gift cards back up and running?
Initially, the cyber-attack meant M&S wasn’t accepting gift card payments in-store. However, posts on Facebook indicate that for a while at the weekend, they were available once again.
But on Monday afternoon, the Guardian was told that the current position was that it was not possible to redeem or buy gift cards. Clearly that could change again.
What about the Sparks app?
Sparks is M&S’s customer reward scheme. However, some customers have reported that, for example, their Sparks account hasn’t automatically updated to reflect recent in-store spending, or they have Sparks offers they want to use but which are due to expire in a few days.
In posts on Facebook, M&S said it was working to get Sparks back online. In the meantime it was advising customers to keep hold of receipts as proof of spending, and to take screenshots of things such as offers.
Should I be worried about my data?
Typically with an incident such as a cyber-attack, if there has been a data breach, the company or organisation will message its customers or employees to let them know that their personal information has been – or may have been – accessed.
M&S customers say they have not received any such notifications, and the company has said there was “no need for [customers] to take any action”, suggesting their data has not been accessed.
Meanwhile, on Facebook, in response to a customer who asked if there was a risk that M&S credit card details had been compromised, and whether it was still safe to use the card in the company’s stores or elsewhere, a company representative replied: “It is safe to shop with M&S. We responded quickly and have taken appropriate steps to protect our customers and our business.”
Nevertheless, while we await more information, there is no harm in being extra vigilant when it comes to any calls or emails that you receive, particularly those seeking personal or financial information. Security experts have warned shoppers to watch out for scammers capitalising on the high-profile incident.
M&S has reported the incident to data protection supervisory authorities and the UK government’s Cyber Security Centre.