SHUT OUT
M&S issues update for customers on loyalty scheme perks after cyber attack
A 'sophisticated' cyber gang reportedly launched an attack in April
MARKS & Spencer has issued an update for its loyal Sparks customers as the cyber attack continues to wreak havoc on the retailer.
It's good news for anyone eyeing up their birthday treat.
1
Shoppers due their annual freebie this month have been fearing they’d miss out thanks to the attack, but M&S has confirmed that birthday perks are still very much on the cards — albeit a little delayed.
The chaos began in April, when cyber crooks launched a "highly sophisticated" attack that’s still causing carnage behind the scenes, hitting everything from online orders to in-store stock.
The retailer’s Sparks scheme, which rewards shoppers with birthday goodies like cookies and fruit, was also caught in the crossfire - leading to shoppers not getting their birthday treats.
One concerned fan took to social media to ask: "@marksandspencer hey after recent events is the birthday offer still on for sparks members?"
Read more on M&S
Another asked: "I am unreasonably stressed by this Marks and Spencer cyber attack?
"Are they going be okay, will I still get my free birthday cake on the sparks app so many questions."
But M&S has now reassured customers that no one will miss out.
In response, M&S said: “Customers who are eligible for a Birthday Treat in May will receive this at a later date once the system is fully restored.”
Most read in Money
The retail giant told The Sun it is “working as quickly as possible" to turn Sparks offers back on.
They added: “Customers don't need to do anything. If they’re eligible, they’ll receive the birthday treat in their account once our system is restored.
NSA warns cellphone users to change ‘dangerous’ message setting now or risk device being ‘cloned’ – it takes 3 clicks
"Customers can check their Sparks account on the M&S app or website.”
The cyber attack, which kicked off over Easter weekend, has been one of the worst to hit the high street in years.
It has forced M&S to halt online orders and triggered widespread disruption, including a £300million blow to profits.
Customer info was also nicked during the breach, with security experts now blaming “Scattered Spider”— a notorious cyber gang thought to be behind the chaos.
Online shopping is still out of action and is expected to remain patchy until at least July, with fashion, home and beauty sales taking a battering.
Last weekend, bosses said it could still take around "five or six weeks" until shoppers can carry out online clothing orders.
Some stores have even been stripped of staples like bananas and Colin the Caterpillar cakes, and popular meal deals were pulled in smaller branches.
Still, birthday cookie lovers can breathe a sigh of relief as those treats will be back.
Timeline of cyber attack
- Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
- Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts.
- Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management".
- Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
- Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
- Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price.
- Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
- Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
- Tuesday, May 13: M&S revealed that some customer information has been stolen.
- Wednesday, May 21: The retailer said disruption from the attack is expected to continue through to July.
Meanwhile, M&S isn't the only store facing cyber trouble.
Co-op was forced to shut down part of its IT system after facing a hacking attempt last month.
It confirmed that it had "taken proactive steps to keep our systems safe".
It was later revealed that the personal data of a "significant number" of its 6.2million customers and former members had been stolen.
The details included names, contact information, and dates of birth.
However, the retailer assured customers that passwords, credit card details, and transaction information were not compromised.
Full services resumed on May 14, following the reactivation of its online ordering system.
Read More on The Sun
Luxury retailer, Harrods, was also another victim of last month's hacking saga.
They had warned shoppers about "restricted internet access" due to the attempted breach, which caused difficulties for some customers trying to make payments.
What is a cyber attack?
A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices.
These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption.
Cyber attacks can take many forms, employing various techniques to achieve their malicious goals.
Common types of cyber attacks include:
- Malware: Malicious software designed to damage or gain control of a system. Examples include viruses, worms, ransomware, and spyware.
- Phishing: Deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords, or credit card details, often through fake emails or websites.
- Denial-of-Service (DoS) Attacks: Flooding a network or server with traffic to overwhelm its resources and make it unavailable to legitimate users.
- SQL Injection: Exploiting vulnerabilities in website databases to gain unauthorised access to data.
- Ransomware: Malware that encrypts a victim's data and demands a ransom for its release.
- Social Engineering: Manipulating individuals into performing actions or divulging confidential information.
Topics
