Marks & Spencer (M&S) has confirmed it is responding to a cybersecurity incident that has caused disruptions across its UK retail operations, including outages in payment systems and delays in store services such as order pick-ups and click-and-collect.
The British multinational retailer disclosed the incident in a regulatory filing to the London Stock Exchange today, stating that it had engaged external cybersecurity specialists to investigate and mitigate the issue. The company emphasized that its online store and mobile app are functioning normally and that all physical stores remain open. However, customers have reported continuing technical problems over the past several days, particularly affecting in-store operations.
The cyber incident appears to have begun earlier in the week, with the first public signs of disruption reported on social media on April 19. Multiple customers complained of malfunctioning card payment terminals and the unavailability of click-and-collect services. M&S acknowledged the issues on its official X account, stating that technical difficulties had affected store systems and that teams were “working hard to resolve” the problem.
While the company has not yet disclosed the specific nature of the cyberattack — such as whether it was caused by ransomware, unauthorized access, or internal system failure — it has reported the incident to the UK's data protection supervisory authorities and the National Cyber Security Centre (NCSC). No details have been provided on whether customer data was compromised.
Marks & Spencer Group plc is one of the UK’s most prominent retail chains, serving approximately 32 million customers annually through its network of food halls, clothing stores, and e-commerce channels. The company employs tens of thousands and is considered a cornerstone of the UK high street retail sector.
A spokesperson for M&S told TechCrunch that the company began limiting certain store operations on Monday, including restricting contactless payments and suspending some order pick-up capabilities. While contactless payment services have reportedly resumed, other functions like click-and-collect remain intermittently unavailable.
The company has not provided a detailed timeline for full restoration of services or confirmed the scope of systems affected. Chief Executive Stuart Machin signed the company’s public notice, assuring customers that M&S is taking the situation seriously and acting to protect both users and business operations.
For now, customers visiting M&S stores may continue to experience minor disruptions, particularly related to order retrievals and in-store payment processing.
Leave a Reply