Introduction
Marks and Spencer (M&S), a prominent British retailer [2] [3] [4] [6] [8] [9], is currently addressing a cybersecurity incident that has significantly impacted its UK retail operations [2]. This incident has disrupted several public-facing services [6], including the Click and Collect function and contactless payment systems, leading to customer inconvenience and operational challenges.
Description
British retailer Marks and Spencer (M&S) is currently managing a cybersecurity incident that has disrupted multiple public-facing services, particularly affecting its UK retail operations, including the Click and Collect function and contactless payment systems. The incident, which began around the Easter Bank Holiday, has led to ongoing technical difficulties for customers, such as delays with gift cards and vouchers, as well as issues with card payment terminals in stores [1] [2] [3] [4] [5] [6] [7] [8] [9]. Frustration has been expressed on social media regarding challenges in collecting online purchases and returning items, with the first signs of disruption observed on April 19.
In response to these challenges, M&S has implemented temporary changes to store operations to protect both customers and the business [7]. While physical locations remain open and online shopping continues, certain store operations have been limited. Restrictions on contactless payments and the suspension of some order pick-up capabilities have been enacted as precautionary measures. Although contactless payment services have resumed [2], functions like Click and Collect remain intermittently unavailable [2].
M&S disclosed the incident in a filing to the London Stock Exchange on April 22, 2025 [1], and has been managing the situation for several days [5]. The company has issued an apology to customers, acknowledging the inconvenience caused [1]. Notably, M&S asserts that no customer data has been accessed [7] [9], although the specific nature of the cyberattack has not been disclosed [2]. There are indications that the incident may involve a ransomware attack affecting certain systems [6], but it remains unconfirmed, and no cybercrime group has claimed responsibility [3].
The company has notified relevant data protection supervisory authorities [4], including the Information Commissioner’s Office (ICO) [6] [8], and is collaborating with external cybersecurity experts and the UK’s National Cyber Security Centre (NCSC) to investigate and manage the situation. Customers have been advised to change their passwords and remain vigilant for suspicious activity [3], particularly regarding unexpected communications that may request personal information or prompt them to click links or scan QR codes. Chief Executive Stuart Machin has emphasized the importance of customer trust and assured customers that the company is taking the situation seriously, focusing on protecting users and business operations [2]. As M&S approaches the release of its full-year results on May 21 [1], analysts are closely monitoring the potential impact on customer confidence and company performance [1]. M&S serves approximately 32 million customers annually [5].
Conclusion
The cybersecurity incident at M&S has highlighted vulnerabilities in its operational systems, prompting immediate mitigations to safeguard customer interests and business continuity. While the company has taken steps to address the disruptions and reassure customers, the long-term implications for customer trust and financial performance remain under scrutiny. As M&S continues to collaborate with cybersecurity experts and authorities, the focus remains on resolving the incident and preventing future occurrences.
References
[1] https://thecyberexpress.com/marks-and-spencer-data-breach/
[2] https://cyberinsider.com/marks-spencer-confirms-cyber-incident-causing-business-disruption/
[3] https://www.techradar.com/pro/security/marks-and-spencer-has-suffered-a-cyberattack-heres-what-we-know-so-far
[4] https://www.infosecurity-magazine.com/news/ms-grapples-with-cyber-incident/
[5] https://techcrunch.com/2025/04/22/marks-spencer-confirms-cybersecurity-incident-amid-ongoing-disruption/
[6] https://www.computerweekly.com/news/366622847/Cyber-attack-downs-systems-at-Marks-Spencer
[7] https://www.mirror.co.uk/money/marks–spencer-cyber-incident-35100934
[8] https://www.bbc.com/news/articles/c9djvzwn858o
[9] https://www.itpro.com/business/m-and-s-calls-in-ncsc-after-cyber-incident-disrupts-customer-payments-online-orders