Marks & Spencer (M&S), the British multinational retailer, has confirmed a cyberattack that disrupted its operations, leading to delays in customer orders and affecting contactless payment systems. The incident, which began on Monday, has prompted the company to implement temporary changes to its store operations to protect customers and the business.
In a statement released on the London Stock Exchange, M&S acknowledged the cyber incident, stating:
“Marks and Spencer Group plc (the Company, or M&S) has been managing a cyber incident over the past few days. As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced.” The Guardian
Despite the disruptions, M&S assured customers that its stores remain open and that its website and app are operating normally. The company has engaged external cybersecurity experts to assist with investigating and managing the incident.
Impact on Customers
Customers have reported issues with contactless payments and delays in collecting online orders. One customer at the retailer’s Plymouth store posted on X (formerly Twitter) on Saturday:
“Could not collect my online purchase today, previous visit could not return an item as tills were down …please sort out your poor IT situation.”The Guardian
Another customer posted on Monday:The Guardian
“Nothing working Beckenham [in] London either … .” The Guardian
M&S has reported the incident to the National … is taking actions to further protect its network to ensure it can continue serving shoppers.
Broader Context of Marks & Spencer Cyberattack
The cyberattack on M&S is part of a broader pattern of cyberattacks affecting UK businesses. In recent years, companies like Transport for London, Royal Mail, and WH Smith have also experienced significant cyber incidents. A 2022 government report indicated that 40% of UK businesses had experienced a cybersecurity incident in the prior year.The Guardian
Company Response
M&S has apologized for the inconvenience caused by the cyber incident and is working diligently to resolve the issue. The company emphasized that customer trust is incredibly important and that it will provide updates as appropriate.
“Customer trust is incredibly important … .
The company continues to take steps to secure its network and maintain services, but did not specify what those were or what the temporary changes it made were.R
