An ongoing cyber crisis at Marks & Spencer is believed to be linked to a hacking group known as Scattered Spider.

The high street retailer first announced its IT systems had been breached by a cyber attack on 21 May, after customers reported being unable to pay for their shopping.

Yesterday (28 April), it was revealed that M&S had ordered hundreds of agency workers from its main distribution centre to stay at home, and work-from-home staff had been blocked from using internal systems remotely, as the company tightened up IT security.

According to cybersecurity website Bleeping Computer, multiple sources have claimed that the cyber attack has been conducted by threat actors known as Scattered Spider.

Subscribe to Grocery Gazette for free

Sign up here to get the latest grocery and food news each morning

The report said it is believed that the hacking group, which comprises young adults and teenagers operating in the UK and US, could have initially gained access to the retailer’s systems in February.

It is understood that M&S has since asked for help from Microsoft, CrowdStrike, and Fenix24 to look into and respond to the attack.

It remains unclear whether M&S was or is being held to ransom, though a source told  The Times that a ransom could be around £10m.

In its last public update on Friday (25 April), the retailer announced it had halted orders via the M&S.com websites and app. It added it was working with external cyber experts to reinstate online and app shopping.

The statement said: “We informed customers on Tuesday that there was no need for them to take any action. That remains the case, and if the situation changes we will let them know.”

However, according to the Financial Times, the fallout from its IT disruption has caused the FTSE 100 retailer’s market value to drop by £678m in this period.