Was the M&S incident likely to be ransomware?

UK retail giant Marks and Spencer (M&S) has confirmed a recent “cyber incident” that disrupted key services, including its Click and Collect orders and contactless payment systems. The company has implemented temporary operational changes to safeguard customer data and business continuity, while engaging external cybersecurity experts to investigate the breach.

Key Details:

Impacted Services:

  • Delays in Click and Collect orders, with customers reporting frustrations on social media over unprocessed gift cards and vouchers.

  • Temporary inability to process contactless payments in stores.

Company Response:

  • CEO Stuart Machin issued a public apology, assuring customers that “no action” is required from them at this stage.

  • The incident has been reported to the UK’s Information Commissioner’s Office (ICO) and the National Cyber Security Centre (NCSC).

Expert Insights:

  • Daniel Card of BCS highlighted the incident as a reminder of the “gap between perception and reality” in organizational cyber resilience.

  • Ian McShane of Arctic Wolf noted the attackers likely targeted the Easter weekend—a peak trading period—to maximize disruption.

Broader Context:
This incident follows recent IT outages affecting other major UK brands like Morrisons and Barclays, underscoring vulnerabilities in critical infrastructure during high-traffic periods.

Source: https://www.bbc.com/news/articles/c9djvzwn858o

 
