Marks and Spencer cyber attack: M&S warns of delays after incident disrupts store operations

Rahmah Ghazali
By Rahmah Ghazali

Live Reporter

22nd Apr 2025, 7:59pm

Click here for more of our videos 
on ShotsTV.com or watch on Freeview 262

Marks & Spencer (M&S) has apologised to customers following a recent “cyber incident” that disrupted operations at some of its UK stores, causing issues with Click & Collect orders and in-store payment systems.

The retailer confirmed on Tuesday that it had experienced technical issues over the past few days, leading to “minor, temporary changes” to store operations in order to protect customers and its network.

In an email to customers, M&S chief executive Stuart Machin said: “I’m writing to let you know that over the last few days M&S has been managing a cyber incident. To protect you and the business, it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experienced any inconvenience.”

Hide Ad
Hide Ad

Machin added that “our stores remain open, and our website and App are operating as normal,” and reassured customers that “there is no need for you take any action at this time.” However, he acknowledged that “there may be some limited delays to your Click & Collect order, which we are working hard to resolve.”

Marks & Spencer (M&S) has apologised to customers following a recent “cyber incident” that disrupted operations at some of its UK storesMarks & Spencer (M&S) has apologised to customers following a recent “cyber incident” that disrupted operations at some of its UK stores
Marks & Spencer (M&S) has apologised to customers following a recent “cyber incident” that disrupted operations at some of its UK stores | Getty

The issue reportedly led to contactless payment failures and disrupted the ability of customers to collect online orders over the weekend. M&S has since restored contactless payments in stores, but Click & Collect orders and some returns services remain affected.

The company has launched an investigation with cybersecurity experts and is working with the National Cyber Security Centre (NCSC) and data protection supervisory authorities to manage the incident. It has not confirmed whether customer data was compromised.

Jake Moore, global cybersecurity adviser at internet security firm Eset, said: “This highlights the significant impact cyber attacks can have in the public domain.”

Hide Ad
Hide Ad

He added: “Many ransomware attacks are dealt with behind the scenes which can make people think the problems are eroding but when customers are directly affected, the knock-on effects are far more widely noted.”

“Luckily, it seems no customer data has been taken in the attack but this situation widens the reality that card-only payments may not yet be the answer in a time when cyber attacks are just as prevalent as they’ve ever been,” Moore added.

Related topics:M&SSocial mediaEmail

Comment Guidelines

National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.

Telling news your way
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice