Marks and Spencer (M&S) has locked work-from-home employees out of its online systems, as it tightens up IT security amid fallout from an ongoing cyber attack.

The high street retailer has shut down some of the programmes that remote staff use to log into internal systems, reported The Times.

It is understood that the move is designed to curb the spread of the cybersecurity attack through the retailer’s IT infrastructure.

Sources close to the company said staff still have the option to work from home, but now face restrictions as the high street giant battles with the fallout from its ransomware attack.

While M&S has yet to disclose the nature of this cyber breach, The Telegraph reported the attack was due to the company being “held to ransom by a criminal gang”.

Subscribe to Grocery Gazette for free

Sign up here to get the latest grocery and food news each morning

On Wednesday (23 April) M&S announced it had launched an investigation into a cyber incident over the bank holiday weekend, which saw some customers unable to use contactless payment methods, while other shoppers claimed they were forced to abandon their full weekly shop.

Speaking at the time, chief executive Stuart Machin apologised for any disruptions but reassured customers that the retailers stores, website and app were back to operating as normal.

However two days later, M&S announced that it had paused orders made online and via its app, as part of a “proactive” attempt to manage the cyber breach.

“Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping. We are incredibly grateful to our customers, colleagues and partners for their understanding and support,” the statement added.