Online orders still paused and spaces on shelves – what we know about the M&S cyber chaos

4 hours ago

Shanaz Musafer, Liv McMahon & Ije Ndukwe

BBC News


The country may be enjoying the sunny weather, but the storm clouds that have been gathering over Marks & Spencer currently show no sign of abating.

The company says it is working "day and night" to manage the cyber attack that hit the retailer two weeks ago and has caused problems in store and shut down its online operations.

Here's what we know about the attack and the impact it's having.

Online orders are still paused

 "We have paused online orders".

M&S's problems began over the Easter weekend, with customers reporting problems with Click & Collect and contactless payments.

The company confirmed it was dealing with a "cyber incident" and although those services have resumed, last Friday it paused online orders on its website and apps.

Now, more than a week on, there is still no word on when online orders will resume.

It is understood that customers who have received a ready-to-collect email can pick up their order in store, and orders placed after Wednesday 23 April will be refunded.

Some stores are also missing certain food items, as the firm took some of its systems offline as it tries to manage the cyber attack.

Signs on empty shelves read: "Please bear with us while we fix some technical issues affecting product availability."

It's understood the availability of groceries in the majority of food halls has improved over the Bank Holiday weekend and other stores will improve over the next few days.

However, on Tuesday, there were reports that some stores did not have all the items needed to make up meal deal offers.

An M&S spokesperson said: "Customers can still buy meal deals in our rail station stores but there are pockets of availability for some items. We are working hard to continue getting our products into stores."

In addition, the company has pulled all job adverts from its website, with a message saying: "Sorry you can't search or apply for roles right now, we're working hard to be back online as soon as possible."

It was a ransomware attack

There has been silence from M&S on what or who was behind the attack on its systems, but we now know it was a ransomware attack.

This is a type of malicious software used to scramble important data or files after gaining access to a business' computer systems, essentially locking them away unless a ransom is paid.

Hackers often threaten to leak or sell the data to pressure a business to pay up.

A ransomware group that goes by the name "DragonForce" told the BBC it was responsible for the attack on M&S, the Co-Op and an attempted hack of Harrods, and said there would be more attacks soon.

DragonForce operates an affiliate cyber crime service so anyone can use their malicious software and website to carry out attacks and extortions.

It's not known who is ultimately using the DragonForce service to attack the retailers, but some security experts say the tactics seen are similar to those of a loosely coordinated group of hackers who have been called Scattered Spider or Octo Tempest.

The gang operates on Telegram and Discord channels and is English-speaking and young – in some cases only teenagers.

The National Cyber Security Centre (NCSC) has warned that criminals launching cyber attacks at British retailers are impersonating IT help desks to break into organisations.

The Metropolitan Police has confirmed it is looking into the attack.

It's costing the company millions

 "We're experiencing technical issues with digital collection and returns. Please speak to a colleague if you need assistance."

The cyber attack has already had a significant impact on the retailer, and the longer it takes them to deal with it, the bigger the hit to its bottom line.

Its share price has fallen since the technical problems started, with more than half a billion pounds wiped off the company's value.

Online accounts for about a third of M&S's clothing and home sales. On average, £3.8m is spent on clothing and home products on its website and apps every day.

Faced with the website problems, it's possible customers may have gone to an M&S store to buy something. But it's also likely that shoppers have turned to rival online retailers instead.

The problems have coincided with a period of warmer weather, when people are likely to want to buy new summer clothes.

Catherine Shuttleworth from Savvy Marketing says the online impact is immediate. "Given the 'buy it now' culture other retailers will benefit from this opportunity."

Analysts say M&S's reputation has suffered a "bruise", but they also say there is a lot of affection for the High Street stalwart so customers are likely to give it some leeway.

So far there has been no obvious backlash, with one customer telling the BBC staff were "perfectly charming" considering the cyber attack.

Suppliers are affected too

One of Marks & Spencer's biggest suppliers told the BBC it has resorted to using pen and paper for orders.

The boss of Greencore, which supplies sandwiches, rolls and wraps, says it also ramped up deliveries by a fifth to make sure there was more than enough food for the bank holiday weekend.

Thea Green, chief executive of beauty brand Nails Inc, told the BBC her company had a major launch coming up and she was nervous about it, given the problems at M&S.

"It does have an impact on us – but it's a single-digit percentage of our business, so it's not a major impact. But they are a very relevant UK customer," she said.

Meanwhile, M&S has also had to manage disruption to a small proportion of products that it supplies to Ocado, which delivers M&S online food orders and which is part-owned by M&S.

M&S isn't speaking

While the retailer was quick to inform customers of the breach, subsequent updates have been lacking.

Friday's message from chief executive Stuart Machin saying sorry is the first public statement from the company for a week and only the third one it has put out in total. And there was no mention of when normal business would resume.

M&S has not commented on the nature of the cyber attack, which is not unusual in cases like this, but experts say the uncertainty risks damaging consumer trust in the brand.

"In today's hyper-connected world, silence can be unsettling, particularly when trust and transparency are the most valuable commodities a brand can offer," says Kate Hardcastle, a consumer expert and business adviser.

Susannah Streeter from financial services company Hargreaves Lansdown says there is no indication that M&S is not meeting its legal obligations, given there is a holding statement on its website.

"However, good communication and transparency will be vital to restore confidence in the company and its systems," she says.

"There is a risk emerging for the company in terms of reputational damage, the longer the crisis continues."
