Online orders paused and missing items – what we know about the M&S cyber chaos

The country may be enjoying the sunny weather, but the storm clouds that have been gathering over Marks & Spencer currently show no sign of abating.

We are now well into the second week of a cyber attack that has hit one of the UK's oldest and biggest retailers, causing problems in store and shutting down its online operations.

Here's what we know about the attack and the impact it's having.

M&S's problems began over the Easter weekend, with customers reporting problems with Click & Collect and contactless payments.

The company confirmed it was dealing with a "cyber incident" and although those services have resumed, last Friday it paused online orders on its website and apps.

Now, nearly a week on, there is still no word on when online orders will resume.

Some stores are also missing certain food items, as the firm took some of its systems offline as it tries to manage the cyber attack.

Signs on empty shelves read: "Please bear with us while we fix some technical issues affecting product availability."

It had been thought that food availability would be back to normal by the end of the week, although it is unclear if that is still the case.

In addition, the company has pulled all job adverts from its website, with a message saying: "Sorry you can't search or apply for roles right now, we're working hard to be back online as soon as possible."

There has been silence from M&S on what or who was behind the attack on its systems, but we now know it was a ransomware attack.

This is a type of malicious software used to scramble important data or files after gaining access to a business' computer systems, essentially locking them away unless a ransom is paid.

Hackers often threaten to leak or sell the data to pressure a business to pay up.

Security experts told the BBC on Tuesday that a ransomware group that goes by the name "DragonForce" was behind the attack.

The group lets other cyber criminals rent its malicious software to carry out attacks - leaving questions over who may have done so.

But many believe it was a loose network of teenage hackers known as Scattered Spider.

The Metropolitan Police has confirmed it is looking into the attack.

• What is ransomware and how does it work?
• Why is the M&S cyber attack chaos taking so long to resolve?
• 'They wanted $4m': Lessons for M&S from other cyber attacks

The cyber attack has already had a significant impact on the retailer, and the longer it takes them to deal with it, the bigger the hit to its bottom line.

Its share price has fallen 6.5% since the technical problems started, with more than half a billion pounds wiped off the company's value.

Online accounts for about a third of M&S's clothing and home sales. On average, £3.8m is spent on clothing and home products on its website and apps every day.

Faced with the website problems, it's possible customers may have gone to an M&S store to buy something. But it's also likely that shoppers have turned to rival online retailers instead.

The problems have coincided with a period of warmer weather, when people are likely to want to buy new summer clothes.

Catherine Shuttleworth from Savvy Marketing says the online impact is immediate. "Given the 'buy it now' culture other retailers will benefit from this opportunity."

Analysts say M&S's reputation has suffered a "bruise", but they also say there is a lot of affection for the High Street stalwart so customers are likely to give it some leeway.

So far there has been no obvious backlash, with one customer telling the BBC staff were "perfectly charming" considering the cyber attack.

Suppliers to M&S say they have been in daily contact with the retailer, but so far say there has been little impact on them.

However, Thea Green, chief executive of beauty brand Nails Inc, told the BBC her company had a major launch coming up and she was nervous about it, given the problems at M&S.

"It does have an impact on us – but it's a single-digit percentage of our business, so it's not a major impact. But they are a very relevant UK customer," she said.

Meanwhile, M&S has also had to manage disruption to a small proportion of products that it supplies to Ocado, which delivers M&S online food orders and which is part-owned by M&S.

While the retailer was initially quick to inform customers of the breach, subsequent updates have been lacking.

It has only put out two public statements, the last one on Friday 25 April.

It has not commented on the nature of the cyber attack, which is not unusual in cases like this, but experts say the uncertainty and ongoing silence risks damaging consumer trust in the brand.

"In today's hyper-connected world, silence can be unsettling, particularly when trust and transparency are the most valuable commodities a brand can offer," says Kate Hardcastle, a consumer expert and business adviser.

Susannah Streeter from financial services company Hargreaves Lansdown says there is no indication that M&S is not meeting its legal obligations, given there is a holding statement on its website.

"However, good communication and transparency will be vital to restore confidence in the company and its systems," she says.

"There is a risk emerging for the company in terms of reputational damage, the longer the crisis continues."