It’s back! M&S has begun to take online fashion orders again after being forced to halt purchases through its website in April following a damaging (and costly) cyberattack.
The retail giant said shoppers were now able to buy a selection of fashion items, including clothing and footwear, for home delivery in England, Scotland and Wales. Its shares were up almost 4% in Tuesday (10 June) trading on the FTSE 100.
It said beauty and homeware products would be available in the coming days, However, click & collect and delivery services to Northern Ireland are only expected to resume “in the coming weeks”, it said.
The return of online shopping marks a major milestone for the retailer, which has been struggling to get services back to normal since the cyber attack, which left some shelves empty and deliveries on standby.
M&S was hit by a cyberattack over the Easter weekend, which initially affected its click & collect and contactless payments. A few days later, the company suspended online orders, and warned services could continue to be disrupted until July.
But on Tuesday, M&S managing director of fashion, home and beauty, John Lyttle, said a selection of the retailer’s “best-selling” fashion ranges would now be available online.
On social media, Lyttle confirmed: “We are bringing back online shopping this week. A selection of our best-selling fashion ranges will be available for home delivery to England, Scotland and Wales from today”.
According to reports, the retailer is estimated to have been losing about £25 million in online clothing and homewares sales a week.
M&S has also estimated that the cyber ttack will hit this year’s profits by around £300 million and a sum that would only partly be covered by any insurance payout.
Some personal customer data was stolen by hackers during the attack, which the retailer has said could have included telephone numbers, home addresses and dates of birth. The company has told customers that the data theft did not include useable payment or card details, or any account passwords.
One analyst said the online shopping return was welcome but problems remain. Pippa Stephens, Senior Apparel Analyst at GlobalData, said: “Marks & Spencer’s resumption of online orders across select fashion products following a cyberattack will be a welcome relief for shoppers, with many holding off on purchases for almost seven weeks due to its physical locations being less convenient to visit or there being insufficient stock in-store.
“However, the retailer is currently estimating delivery times of up to 10 days, which may still deter customers who are accustomed to faster delivery options from its competitors. Many key products are also lacking availability across several sizes, which could frustrate customers and lead to lost sales opportunities.”
“M&S was one of the biggest winners in the UK apparel market in 2024, with its market share rising 0.4ppts to 5.2%, the highest it has been since 2017. This upward trajectory has now been compromised by the cyberattack, with GlobalData estimating that the retailer could have lost up to £130m in online apparel sales while its website was down, depending on how much spend shifted to stores. There are further losses to come still until the website is fully operational again, with disruption expected to continue until at least July.
“The impact of this cyberattack will be long-lasting for M&S, with the stealing of customer data potentially undermining its hard-won gains in brand reputation and customer loyalty. The retailer will have also been left with excess seasonal stock, impacting its margins as it will be forced to implement more discounts.”
But it’s clear this is about more than M&S as a number of other retail/fashion firms not just in the UK have also suffered cyberattacks. Stephens said the M&S issues have been a warning to the entire industry: “Therefore, this incident serves as a stark reminder of the vulnerabilities retailers face in an increasingly digital landscape, where a single breach can have far-reaching consequences. The recent cyberattacks on other prominent apparel players such as Harrods, The North Face and Adidas underscores the pervasive threat to the retail industry and highlights the urgent need for robust cybersecurity measures.”
That’s something the companies that have suffered — and their peers that haven’t been the subject of cyberattacks so far — will be taking to heart.
Copyright © 2025 FashionNetwork.com All rights reserved.
