UK retail giant M&S restores Click & Collect months after cyber attack, some services still down
- Reference: 1754910929
- News link: https://www.theregister.co.uk/2025/08/11/ms_restores_click_collect_following/
John Lyttle, one of the multinational's execs, said: "Our full online delivery offer is back – including Click & Collect – across fashion, home and beauty on M&S.com.
"You can now order online for collection from any M&S store across the UK or choose next day or nominated day delivery. You can also now return your online order to any M&S store."
The retailer's Click & Collect orders were among the first of the company's services to be taken offline, along with contactless payments, as it dealt with the early disruption caused by a widely publicized cyberattack on the business in April.
At first, M&S's bricks and mortar stores remained open, and its website and app orders were kept online – but that situation changed within days.
M&S first [4]disclosed the attack on Tuesday, April 22; by Friday, April 25, it had taken internal processes offline and paused online and app orders. Other issues that affected customers in the interim included an inability to redeem gift cards, store receipts not appearing in loyalty card accounts, and self-serve return kiosks being unavailable.
The retailer's core services are mostly back online now, more than three months post-attack, although some limitations remain.
Its Scan and Shop service, which allows customers to scan items using their phones and pay for them via an app, bypassing the usual checkout process, is available but is limited to purchases under £45 ($60), for example.
The online stock checking functionality is also still down, as is international online ordering, Sparks Pay, and occasion-cake ordering, although the latter is due back in the coming weeks.
Financial impact
M&S CEO Stuart Machin [6]said in May that the attack was likely to take a £300 million ($403 million) chunk out of the company's profits for the 2025/26 financial year.
Machin made the admission as M&S reported full year results on May 21, after reports circulated that the company was set to make a maximum claim on its cyber insurance policy.
In more recent news, rival retailer Next – which was not among those hit by the wave of attacks on its peers this year – raised its financial forecast in July.
It blamed the UK's unseasonably consistent warm weather and "trading disruption at a major competitor" for a 7.8 percent uptick in sales. It did not name M&S specifically, but out of the three retailers hit this year, only Machin's company is a direct competitor for Next.
Suspects in custody
The National Crime Agency (NCA) [8]arrested four individuals on July 10 in connection with the attack on M&S and other British retailers, which all occurred within weeks of one another.
The suspects included a Brit aged 17 and a Latvian national aged 19; one 19-year-old British man from London; and a British woman aged 20 from Staffordshire.
All four are believed to be involved in the attacks on M&S, Co-op, and Harrods, the NCA alleged, while also restricting the media's ability to report further details.
Officials said at the time that none of the four had been charged or arrested, and in addition to the ages of the suspects – including one juvenile – the crimefighters alluded to safeguarding concerns in an official statement.
No authoritative sources have formally attributed the attacks on British retailers to any specific cybercrime group, although they have been [13]widely speculated to be the work of the social engineers among the [14]Scattered Spider gang. ®
[4] https://www.theregister.com/2025/04/22/marks_spencer_cyber_incident/
[6] https://www.theregister.com/2025/05/21/ms_cyberattack_disruption/
[8] https://www.theregister.com/2025/07/10/nca_arrests_four_in_connection/
[9] https://www.theregister.com/2025/06/09/united_natural_foods_cyber_incident/
[10] https://www.theregister.com/2025/06/27/ahold_delhaize_breach/
[11] https://www.theregister.com/2025/06/23/experts_count_the_staggering_costs/
[12] https://www.theregister.com/2015/10/28/ico_looking_into_ms_data_spaff/
[13] https://www.theregister.com/2025/05/15/cyber_scum_attacking_uk_retailers/
[14] https://www.theregister.com/2025/05/18/ex_nsa_scattered_spider_call/
Ironic when you consider a lot of their customers have now said "ta ta" to M&S.
Mine's the one with the Next label sewn in the back.
Now imagine that state actors probably swim in our data undetected, given how little consideration big corporations give for IT.
India is also not exactly on our side. It is kind of stupid and reckless to outsource there.
This isn't just a f**k up...
... this is a f**k up of epic proportions.
Details, details please.
It would be better at this stage if they went very publicly with how and why this happened. Specifically how it took them so long to restore services. To me that's a lot more worrying. I'd like to think businesses of this size have procedures in place for exactly this type of scenario. I imagine they do but fail to take into consideration so many things that they were just overwhelmed. As long as we have a procedure that's fine though, right?
Collecting on your cyber insurance? Hopefully they're totally uninsurable after this. Fool me once, etc.
Re: This isn't just a f**k up...
It's alright. They've replaced it all with an AI.
This wasn't just a cyber attack..
This was an M&S cyber attack.
There will be significant lessons in looking at what they had for a continuity plan, and its failings.
[quote]There will be significant lessons in looking at what they had for a continuity plan, and its failings.[/quote]
I wish I shared your optimism.
Notice that they didn't say lessons learned, just that there will be lessons. Said lessons will be ignored if they cost too much or are too inconvenient. Though I like to think that the marker for cost too much or too inconvenient has been lifted somewhat.
Please note I said I like to think, not the marker has been lifted or I expect it to be lifted.
They'll probably simply conclude they need to stock a wider range of brown trousers.
Worth remembering today that in 2018 M&S outsourced all of their IT to Tata with the aim of saving £30 million a year.
Money well saved isn't it?