As M&S continues to battle the fallout from a cyber attack which took hold over the Easter weekend, we round up what we know so far about the incident.

Day 1 – Mon 21 Apr | M&S first reveals cyber attack

• After customers reported payment issues and delays receiving online orders, M&S’ CEO, Stuart Machin personally wrote to shoppers confirming the retailer had been “managing a cyber incident.”
• He advised this could result in small and temporary changes to store operations, apologising for any inconvenience.

Day 2 – Tue 22 Apr | Incident reported to National Cyber Security Centre

• The Guardian reported M&S had referred the attack to the NCSC as well as hiring cyber security experts to investigate the incident, as it took further actions to protect its network and allow it to continue to serve shoppers.

Day 3 – Wed 23 Apr | M&S issues update, pausing Click & Collect

• It said while stores remained open and customers could still shop on M&S’ website and app, it would not be processing contactless payments.
• M&S also paused the collection of Click & Collect orders in stores, and advised of some delays to online order deliveries. 

Day 4 – Thu 24 Apr | Contactless payments remain down

• The Register reported that contactless payments were still down.
• In a move which The Register described as being “consistent with disclosures involving ransomware”, M&S confirmed some of its internal processes have been moved offline.

Day 5 – Fri 25 Apr | Online orders on M&S.com suspended

• M&S was forced to stop taking orders on its app and website – which accounts for about £3.8million in sales a day.
• It said the move was part of its “proactive management” of the cyber incident.

Days 6 & 7 – Sat 26 & Sun 27 Apr | M&S’ WFH and remote staff shut out

• The retailer closed down some of the programmes its staff use to work remotely, preventing them from logging into internal IT systems from outside of the office.

Day 8 – Mon 28 Apr | Warehouse staff told to stay at home

• Agency staff at a key logistics site were told by M&S to stay at home as the cyber attack disruption entered a second week.
• The Guardian reported M&S also paused some deliveries of items to Ocado as it continued to battle the disruption from the hack, which had wiped out an estimated £500million off its stock market value in a week.

Day 9 – Tue 29 Apr | Pockets of limited availability

• The BBC reported that some M&S stores were experiencing “pockets of limited availability” and had been left with empty food shelves as the cyber attack continues to affect operations.
• M&S said it hoped food availability should be back to normal by the end of the week.
• Meanwhile, the I Paper reported that since the attack was announced, the prolongued online shopping outage saw M&S shares fall by 7 per cent, wiping off between £650-£700million from the company’s value.

Day 10 – Wed 30 Apr | As M&S battles cyber incident, Co-op hit with hack

• Cyber security experts suggest hacking group, Scattered Spider, could be behind the M&S attack.
• Cyber criminals from the Scattered Spider Group previously hacked casino operators, Caesars Entertainment and MGM, holding them to a £15million ransom.
• Whilst M&S was still managing the ongoing fall out from the cyber incident, Co-op confirmed it has been hit by a hack to its back-office systems and call centre services over the weekend.

Day 11 – Thu 01 May | M&S freezes online hiring, shoppers face Percy Pig shortages

• The Times reports M&S has suspended online hiring as it battles cyber attack
• Tech site, BleepingComputer, suggests Scattered Spider Group may have used an encryptor from DragonForce, which white-labels ransomware, to carry out the attack.
• Customers started to experience shortages of M&S’ iconic Percy Pig sweets as the fallout from the cyber incident continues to impact inventory in-store