Marks & Spencer tells some staff to stay home amid cyberattack

London — British retailer Marks & Spencer (M&S) told agency staff at its central England distribution centre to stay at home on Monday, after it stopped taking online orders after a cyber incident last week.

M&S shares were down 2% on Monday, having lost as much as 8% since April 22 when it said it had been grappling with a cyber incident for a few days.

M&S told agency staff at its Castle Donington distribution centre near Derby not to come in, according to a person familiar with the situation. Agency staff are used when the warehouse is at its busiest.

About 200 people were told not to come in, said Sky News, which first reported the story.

An M&S spokesperson said on Monday there was no further update on the cyber incident after a statement on Friday, which announced it was stopping orders from its website and app as part of its “proactive management” of the incident.

The chain, which has about 1,000 stores across Britain, makes about one-third of its clothing and home sales online. It has said it is working with experts to resolve the issue.

Investec analyst Kate Calvert said the longer it took for online sales to resume, the worse the hit would be for M&S.

“There will be a short-term profit impact without a doubt,” she said.

M&S, which sells upmarket groceries as well as clothing and home products, posted bumper Christmas sales in January and is due to publish full-year results on May 21.

Nathaniel Jones, vice-president of security at cybersecurity group Darktrace, said the fact that M&S had taken systems offline suggested it was probably a ransomware-related event.

“Retailers are increasingly targeted because they combine valuable customer data with complex, interconnected systems,” he said.

Reuters