Marks and Spencer (M&S) has relaunched its click and collect service following a cyber attack that disrupted its operations for four months. The supermarket had to suspend online orders and experienced issues with contactless payments in stores due to the attack over the Easter weekend in April. Subsequently, M&S had to temporarily shut down part of its IT system.
In June, M&S started reopening online orders, and now the click and collect service is operational again. This service allows customers to purchase items online and pick them up in-store. Additionally, the Sparks app, which provides personalized discounts, birthday treats, and coffee stamps, is fully functional once more.
Customer data compromised in the cyber attack included names, email addresses, addresses, and dates of birth, but not payment details. M&S has advised customers to be vigilant if contacted by anyone claiming to be from the company and to change passwords if they have not yet logged into the Sparks app post-attack.
The cyber attack is expected to cost M&S around £300 million. Despite this setback, the company had seen annual profits rise by over a fifth to £875.5 million before the attack, thanks to its successful turnaround efforts.
M&S CEO Stuart Machin had previously stated that operations were anticipated to be fully restored by August. He also acknowledged the efforts of cybercrime investigators and emphasized the importance of cooperation in identifying and bringing the perpetrators to justice.
As a gesture of appreciation to its employees, M&S temporarily increased its colleague discount from 20% to 30% for four days for 63,000 staff members. Additionally, the company extended a 10% discount to more than 2,500 contractors and partners across its supply chain.