Marks & Spencer has resumed online orders after halting services for six weeks due to a serious cyber-attack on its systems.
The company confirmed on its website that customers “can now place online orders with standard delivery to England, Scotland and Wales.”
M&S added that deliveries to Northern Ireland will restart in the coming weeks, along with click-and-collect and next-day services.
It also plans to resume nominated-day delivery and international orders over the coming weeks as operations continue returning to normal.
The company’s shares rose 4% following the announcement, placing M&S among the top risers on the FTSE 100.
The attack, which occurred over Easter weekend, forced M&S to suspend orders shortly after “threat actors” infiltrated its online systems.
Experts believe the hacking group Scattered Spider may be responsible for the breach that disrupted the retailer’s operations.
M&S reportedly lost around £25 million each week in clothing and homeware sales during the shutdown of its e-commerce platform.
The retailer estimates the incident could reduce profits by up to £300 million for the year, though insurance may offset half.
M&S initially warned the website might remain disrupted until July, but recovery efforts have progressed more quickly than expected.
Although shoppers could browse online, they could not complete purchases during the suspension of digital sales.
Customers continued using M&S stores, where cash and card payments remained unaffected throughout the online outage.
However, the cyber-attack impacted stock availability across physical locations, affecting food and clothing inventory during a key retail season.
A sunny and warm spring had spurred a rise in consumer spending, making the timing of the attack particularly damaging.
M&S confirmed that some customer data was compromised during the breach, raising concerns about privacy and data security.
The exposed information includes names, addresses, dates of birth, and historical order details for thousands of customers.
The company has not confirmed the total number of affected individuals but continues working with regulators and security teams.
It has promised to notify affected customers and take steps to strengthen data protection moving forward.
M&S apologised for the disruption and pledged to rebuild trust by prioritising customer safety and digital security.
Analysts say the attack could prompt wider investment in cybersecurity across the UK retail sector.
With online services returning, M&S hopes to recover lost ground during one of the year’s busiest shopping periods.