This article is from the source 'bbc' and was first published or seen on . The next check for changes will be

You can find the current article at its original source at https://www.bbc.com/news/articles/c0el31nqnpvo

The article has changed 13 times. There is an RSS feed of changes available.

Version 11 Version 12
M&S cyber attack: What we know about it and its impact M&S cyber attack: What we know about it and its impact
(21 days later)
Marks & Spencer stopped taking online orders in late April, as it reeled from a major cyber attack that began over Easter. Marks & Spencer has started taking some online orders again, as it continues to recover from a major cyber-attack.
Ever since, customers have been asking when the service will resume. The company has now given them an answer, saying the hack will keep its online systems disrupted until July. The firm put orders on pause in late April, and has said it would be July before they were back to normal.
"Customers will be able to shop online within the next few weeks with momentum increasing throughout June/July," chief executive Stuart Machin said in a statement.
The company has been struggling to get services back to normal since the attack, which left some shelves empty and deliveries in limbo.
It has told customers to remain cautious about receiving emails, calls or texts claiming to be from M&S, after some customer data was stolen in the attack.It has told customers to remain cautious about receiving emails, calls or texts claiming to be from M&S, after some customer data was stolen in the attack.
As well as disrupting its online business, the hack affected the company in-store too, leaving some shelves bare in the days after M&S was targeted.
Here's what we know about the attack and the impact it is still having.Here's what we know about the attack and the impact it is still having.
Limited selection online
M&S announced on June 10 that a small selection of fashion products were now available online for home delivery.
But these are only for customers in England, Wales and Scotland.
M&S said orders for people in Northern Ireland will open up "in the coming weeks".
The company has also extended its delivery times to 10 days "in order to manage customer demand".
Click and collect is still not available but will also return soon, the retailer said.
Some customer data was stolenSome customer data was stolen
M&S admits some personal customer data was taken during the attack. M&S has admitted some personal customer data was taken during the attack.
It says information stolen could include contact details such as people's names, home addresses, phone numbers or email addresses, as well as dates of birth and online order history.It says information stolen could include contact details such as people's names, home addresses, phone numbers or email addresses, as well as dates of birth and online order history.
But it does not include useable payment or card details, or account passwords, M&S says.But it does not include useable payment or card details, or account passwords, M&S says.
The retailer will prompt customers to reset passwords for "peace of mind".The retailer will prompt customers to reset passwords for "peace of mind".
It adds that while users do not need to take any action, they should remain alert to possible attempts to extract or misuse their information.It adds that while users do not need to take any action, they should remain alert to possible attempts to extract or misuse their information.
Online orders are still paused
Some online sales will be restarted in a few weeks, but disruption will continue through June and July, the company told investors on 21 May.
It is the first time it has put a timeline on when online orders may be back up and running.
It is understood that customers who have received a ready-to-collect email can pick up their order in store, and any orders placed after Wednesday 23 April will be refunded.
Some stores were also missing certain food items, after the firm took some of its systems offline.
Signs on empty shelves read: "Please bear with us while we fix some technical issues affecting product availability."
It is understood the availability of groceries in the majority of food halls improved over the early May Bank Holiday weekend, although some shelves remained empty in the following weeks as supply chains worked to get back to normal.
In addition, the company has pulled all job adverts from its website, with a message saying: "Sorry you can't search or apply for roles right now, we're working hard to be back online as soon as possible."
It was a ransomware attackIt was a ransomware attack
There has been silence from M&S on what or who was behind the attack on its systems, but we now know it was a ransomware attack.There has been silence from M&S on what or who was behind the attack on its systems, but we now know it was a ransomware attack.
The BBC revealed detectives are focusing on a group of teens and young adults called Scattered Spider. BBC News revealed detectives are focusing on a group of teens and young adults called Scattered Spider.
These are English-speaking hackers, who used an illicit service called DragonForce.These are English-speaking hackers, who used an illicit service called DragonForce.
DragonForce operates an affiliate cyber crime service so anyone can use their malicious software and website to carry out attacks and extortions. DragonForce operates an affiliate cyber crime service so, for a fee, anyone can use their malicious software and website to carry out attacks and extortions.
BBC News has seen an email sent by DragonForce to M&S chief executive Stuart Machin, gloating about what they had done and demanding payment.
The email was sent apparently using the account of an employee from the Indian IT giant Tata Consultancy Services - which has provided services to M&S for over a decade.
The cyber criminals who targeted M&S have told the BBC they are also responsible for the ransomware attack on Co-op and the attempted hack of Harrods.The cyber criminals who targeted M&S have told the BBC they are also responsible for the ransomware attack on Co-op and the attempted hack of Harrods.
Ransomware is a type of malicious software used to scramble important data or files after gaining access to a business' computer systems, essentially locking them away unless a ransom is paid.Ransomware is a type of malicious software used to scramble important data or files after gaining access to a business' computer systems, essentially locking them away unless a ransom is paid.
Hackers often threaten to leak or sell the data to pressure a business to pay up.Hackers often threaten to leak or sell the data to pressure a business to pay up.
The National Cyber Security Centre (NCSC) has warned that criminals launching cyber attacks at British retailers are impersonating IT help desks to break into organisations.The National Cyber Security Centre (NCSC) has warned that criminals launching cyber attacks at British retailers are impersonating IT help desks to break into organisations.
M&S boss Stuart Machin confirmed the hackers got in through "social engineering" - when they pretend to be someone trustworthy, and trick an employee into giving out passwords or login access.M&S boss Stuart Machin confirmed the hackers got in through "social engineering" - when they pretend to be someone trustworthy, and trick an employee into giving out passwords or login access.
He said this was done through a third party that had access to M&S systems.He said this was done through a third party that had access to M&S systems.
What is ransomware and how does it work?What is ransomware and how does it work?
'They wanted $4m': Lessons for M&S from other cyber attacks'They wanted $4m': Lessons for M&S from other cyber attacks
A letter from the M&S hackers landed in my inbox - this is what happened next M&S hackers sent abuse and ransom demand directly to CEO
It's costing the company millionsIt's costing the company millions
M&S estimates the cyber attack will reduce profits for the current year by around £300m - which is more than analysts had expected and the equivalent of a 30% hit to profits.M&S estimates the cyber attack will reduce profits for the current year by around £300m - which is more than analysts had expected and the equivalent of a 30% hit to profits.
But it hopes some of this will be covered by insurance.But it hopes some of this will be covered by insurance.
Its share price has fallen since the technical problems started, with more than half a billion pounds wiped off the company's value.
Online accounts for about a third of M&S's clothing and home sales. On average, £3.8m is spent on clothing and home products on its website and apps every day.Online accounts for about a third of M&S's clothing and home sales. On average, £3.8m is spent on clothing and home products on its website and apps every day.
Faced with the website problems, it's possible customers may have gone to an M&S store to buy something, but it's also likely that shoppers have turned to rival online retailers instead.Faced with the website problems, it's possible customers may have gone to an M&S store to buy something, but it's also likely that shoppers have turned to rival online retailers instead.
The problems have coincided with a period of warmer weather, when people are likely to want to buy new summer clothes.The problems have coincided with a period of warmer weather, when people are likely to want to buy new summer clothes.
Jackie Naghten, a business consultant who has worked with big retailers including M&S, Arcadia and Debenhams, told the BBC: "It's absolutely costing them fortunes."Jackie Naghten, a business consultant who has worked with big retailers including M&S, Arcadia and Debenhams, told the BBC: "It's absolutely costing them fortunes."
The company's share price has also dropped since the attack.
Suppliers are affected tooSuppliers are affected too
One of Marks & Spencer's biggest suppliers told the BBC it had resorted to using pen and paper for orders.One of Marks & Spencer's biggest suppliers told the BBC it had resorted to using pen and paper for orders.
The boss of Greencore, which supplies sandwiches, rolls and wraps, said it had also ramped up deliveries by a fifth to make sure there was more than enough food for the bank holiday weekend.The boss of Greencore, which supplies sandwiches, rolls and wraps, said it had also ramped up deliveries by a fifth to make sure there was more than enough food for the bank holiday weekend.
Thea Green, chief executive of beauty brand Nails Inc, said her company had a major launch coming up and she was nervous about it, given the problems at M&S.Thea Green, chief executive of beauty brand Nails Inc, said her company had a major launch coming up and she was nervous about it, given the problems at M&S.
"It does have an impact on us - but it's a single-digit percentage of our business, so it's not a major impact. But they are a very relevant UK customer," she said."It does have an impact on us - but it's a single-digit percentage of our business, so it's not a major impact. But they are a very relevant UK customer," she said.
Meanwhile, M&S has also had to manage disruption to a small proportion of products that it supplies to Ocado, which delivers M&S online food orders and which is part-owned by M&S.Meanwhile, M&S has also had to manage disruption to a small proportion of products that it supplies to Ocado, which delivers M&S online food orders and which is part-owned by M&S.
Additional reporting by Imran Rahman-Jones.
Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.