LONDON (Reuters) – British retailer Marks & Spencer told agency staff at its central England distribution centre to stay at home on Monday, after it stopped taking online orders following a cyber incident last week.
Shares in the company, one of the best known names on Britain’s shopping streets, were trading down 2% on Monday, having lost as much as 8% since April 22 when it said it had been grappling with a cyber incident for a few days.
M&S told agency staff who usually work at its Castle Donington distribution centre near Derby not to come in, according to a person familiar with the situation. Agency staff are used when the warehouse is at its busiest.
About 200 people were told not to come in, said Sky News, which first reported the story.
An M&S spokesperson said on Monday there was no further update on the cyber incident following a statement on Friday which announced it was stopping orders from its website and app as part of its “proactive management” of the incident.
The chain, which has about 1,000 stores across Britain, makes around one third of its clothing and home sales online. It has said it is working with experts to resolve the issue.
Investec analyst Kate Calvert said that the longer it took for online sales to resume, the worse the hit would be for M&S.
“There will be a short-term profit impact without a doubt,” she said.
M&S, which sells upmarket groceries as well as clothing and home products, posted bumper Christmas sales in January and is due to publish full-year results on May 21.
Nathaniel Jones, VP of security at cyber security group Darktrace, said the fact that M&S had taken systems offline suggested it was likely a ransomware-related event.
“Retailers are increasingly targeted because they combine valuable customer data with complex, interconnected systems,” he said.
(Reporting by Sarah Young; Editing by Mark Potter)
