M&S has been left unable to process loyalty rewards though its Sparks app as it battles a crippling cyber attack which has been ongoing for a week.
Customers have been unable to claim rewards by scanning the Sparks app at checkouts, as M&S continues to fight to get control of the attack which began last Monday.
Store assistants were yesterday (27 April) resorting to writing the details down in order to honour loyalty rewards, including free items, and taking customers on their word that claims were valid.
M&S’s latest update on the “cyber incident” – thought to be a ransomware attack – said on Friday it had paused online orders via both its website and app.
“We informed customers on Tuesday that there was no need for them to take any action,” the retailer said. “That remains the case, and if the situation changes we will let them know.
“Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping.”
The disruption to Sparks rewards comes months into a multi-year year programme of investment in technology upgrades at M&S, including to the loyalty scheme. The retailer said in November that the “reset” of Sparks would deliver a more personalised customer experience.
The loyalty scheme has more than 18 million members.
M&S shares have dropped 8.5% in value since it first announced the attack last Tuesday.
The retailer has also been forced to lock remote-working staff out of some of its IT systems to contain the ongoing fallout, The Times reported on Saturday.
Ed Williams, VP consulting and professional services at cyber security firm Trustwave, said: “Incidents like this reinforce the urgent need for the retail sector to elevate its security posture in line with an increasingly complex and aggressive threat landscape.”
No comments yet