The hackers behind a cyber-attack on Marks & Spencer (M&S) managed to gain entry through a third party who had access to its systems, the BBC understands.
The cyber-attack, which happened in April, has caused millions of pounds of lost sales for M&S and left it struggling to get services back to normal, with online orders paused for more than three weeks.
The supermarket declined to comment on the nature of the breach or these new details, saying "availability is now in a much more normal place with stores well stocked this weekend".
DragonForce – the name the criminals are using – previously told the BBC it was behind the attack and was also responsible for hacking the Co-op and an attempted hack on Harrods.
M&S will announce its annual results on Wednesday, but the focus will all be on the devastating attack and its financial impact.
Bank of America analysts believe M&S has lost more than £40m of sales every week since the incident began over the Easter bank holiday weekend.
It announced on 25 April it had stopped taking online orders. Some stores were left with empty food shelves after the firm had to take some food-related systems offline.
On a precautionary basis, M&S decided to close down many of its IT operations following the attack, effectively locking itself out its core systems as it grappled to deal with the attack.
The biggest challenge is getting its online system fully operational again, which accounts for around a third of its clothing and homeware sales.
M&S told the BBC: "Our stores have remained open and availability is now in a much more normal place with stores well stocked this weekend."
