M&S cyberattack chaos leaves more questions than answers

It has been more than a week since one of the UK's biggest brands, Marks and Spencer (M&S), was hit by what is now obviously a major cyber attack.

Lost sales and a lower share price have cost the retailer millions of pounds.

M&S has still not revealed what or who took down its online ordering system, paused deliveries, left empty shelves in stores, and limited access to internal platforms ("they are using pen and paper companions," a contact told me).

The company is working with the National Cyber Security Centre, which will not comment on the active investigation. The Information Commissioner's Office, the data protection regulator, said it is "conducting queries".

M&S insists there is no detailed information about this incident.

However, as time goes by, the chorus of unanswered questions grows louder. First of all, why is it taking so long?

Many technical failures unrelated to cyber attacks are relatively quick to fix. An outage caused by a failed software or server update, or even user error, can usually be resolved within a few hours.

But trying to find and stop malware that is moving through and damaging systems on the scale of those that run a large national retailer like M&S is not a quick job.

“Everything from knowing what is sold, and so what needs to be supplemented, to getting a card payment is very dependent on the complex system… It will take a lot of time and expertise to analyze and make sure they have ousted the hacker,” he said.

Lisa Forte, a partner at cybersecurity firm Red Goat, agreed.

“They are dealing with the destruction in a mature way, but expect any company to recover anything online within a week,” she said.

“I don’t know an organization that can do it.”

There is also the nature of the threat. Multiple cybersecurity experts say that the longer a cyber incident goes on, the more likely it is to be ransomware.

"I suggest it's a ransomware-style activity," said Dan Card, a network expert at the Chartered Institute.

"I describe these as digital bombs have disappeared. So there are existing challenges in technically and logically recovering … victim organizations will likely work around the clock to react and recover."

Ransomware is a particularly annoying strain of virus in which the owner of a computer or computer network is locked out, their data is scrambled, and the attackers often demand a fee (usually in cryptocurrency) to restore it.

Official advice is not to pay. After all, you are trusting the criminals to be true to their word.

However, it is usually impossible to restore a stricken service without the attackers' keys, which means the only alternative is to restore from a backup or install new systems and start again.

M&S will not comment, and no attackers have made any public claims. Although this does not always happen, it is usually a way for cybercriminals to put more pressure on their victims.

As for who these hackers might be: fingers are pointing to a loose network of people called Scattered Spider (it also has other aliases).

This is the group that has been linked to the 2023 attack on the MGM Las Vegas hotel.

The website Bleeping Computer quoted "multiple sources" that indicated the group was responsible, and said some of its members were teenagers.

Rik Ferguson, special counsel for the European Cybercrime Centre, said the source of speculation about the group's involvement seemed credible, but added that he had not seen any conclusive evidence so far.

I asked him whether customers should be concerned about their personal information: the company itself currently states that they do not need to take any action.

"Only M&S can tell us whether customers should be concerned about their personal data," he said.

“Without certainty, it is certainly recommended to change these passwords elsewhere for M&S customers, especially those who may reuse their M&S account credentials on other web services.”