The British high street retailer has Marks & Spencer (M&S) apologises after it was impacted across the nation by a cyberattack.
Customers began reporting problems last weekend, and on Tuesday the retailer confirmed it was facing a “cyber incident.”
On Wednesday M&S announced that “we promised to keep you informed about the cyber incident that has led to disruption to some of our services. As part of our proactive management of the incident, it continues to be necessary to make some changes to our operations to protect customers and the business.”
M&S cyberattack
It said at the time that “stores remain open and customers can continue to shop on our website and our app. However, we are not currently processing contactless payments, we have paused the collection of Click & Collect orders in stores, and there may be some delay to online order delivery times.”
But on Friday it apologised in a further update and announced it was halting online orders for food deliveries and clothes.
“As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps,” it said. “Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.”
“We informed customers on Tuesday that there was no need for them to take any action,” it said. “That remains the case, and if the situation changes we will let them know.”
“Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping,” it said. “We are incredibly grateful to our customers, colleagues and partners for their understanding and support.”
An update from M&S pic.twitter.com/PSbIGHJtMY
— M&S (@marksandspencer) April 25, 2025
Other incidents
Marks & Spencer has suffered a number of cybersecurity incidents in the past.
In April 2011 for example M&S customer details were exposed after the Epsilon data breach.
And then in 2015 M&S temporarily suspended its website after “technical difficulties” that exposed customer information to other users.
