Marks and Spencer
Customers have faced bare shelves following a cyberattack that disabled the store’s payment systems.
Online orders were halted on the M&S website and app starting last Friday due to
issues with contactless pay
and Click & Collect available
Easter
.
Shares in the
high street
The fixture values have dropped significantly following the attack, and now it appears the stock price has been affected as well.
Certain M&S stores have signs on their food aisles stating: “We appreciate your patience as we address some technical problems impacting our stock availability.”
In various supermarkets ranging from Central London to Aberdeen, Scotland, fresh fruits and even Colin the Caterpillar cakes are scarce.
Although shoppers have similarly noticed M&S hot food counters being ‘temporarily closed’.
Mark O’Reilly, a radio host, posted images yesterday showing bare shelves at the M&S store located in Foyleside, a mall in Derry, Northern Ireland.
“This seems to be turning into a frequent problem whenever I go to this store,” he commented.
A fellow customer commented: “I verified the M&S Aberdeen status online and withdrew some cash just to be safe.”
‘I drove for an hour, paid for parking, and discovered an empty M&S store on Sunday, April 27th. The staff mentioned that the cyberattack was responsible.’
‘I understand the continuous problems, however, M&S should do more to keep their customers well-informed.’
A representative from M&S stated: “In our efforts to proactively handle this situation, we decided to temporarily shut down certain systems.”
Consequently, we now face instances where certain locations have restricted stock availability.
‘We are making significant efforts to restore regular availability throughout our properties.’
Even though problems with contactless payments, Click & Collect services, and gift cards have been addressed, customers remain unable to make online purchases.
M&S has temporarily halted deliveries of certain products to Ocado, which is an online grocer.
Every post on M&S’s Instagram page is now inundated with remarks about the current disruptions, as a mother commented that her daughter, an employee of the company, ‘came back home crying because of the harassment from a few customers.’
In response to another woman inquiring about her order, a customer service representative cautioned that ‘all orders placed after Wednesday, April 23rd — whether for home delivery or Click & Collect — will not be processed, and customers will receive a complete refund.’
On Friday, Marks issued an official statement to customers saying: “We have decided to temporarily halt order placements through our M&S.com sites and applications as part of our active response to a cybersecurity issue. Customers can still view our products online. We sincerely apologize for any disruption caused. Our physical stores continue to be open to serve you.”
‘We notified our customers on Tuesday that they didn’t need to take any steps. This still holds true, and should anything change, we’ll be sure to inform them.’
Our seasoned team—backed by top cybersecurity specialists—is diligently working to get online and app purchasing up and running again.
‘We feel profoundly thankful for the comprehension and assistance provided by our clients, team members, and collaborators.’
The company has not disclosed the details of the ‘cyber incident’.
Nonetheless, Nathaniel Jones, Vice President of Security & AI Strategy at cybersecurity company Darktrace, stated: “The decision by M&S to take their systems offline indicates that this is probably related to a ransomware incident.”
‘It highlights how swiftly cyber incidents can paralyze retail activities through both their digital and physical pathways, with the halt in online orders illustrating the ripple effect such assaults can have on financial inflows.’
‘Retailers are being increasingly targeted as they gather valuable customer information alongside intricate, interlinked systems.’
‘M&S ought to have solid control with backing from both the NCSC and the NCA. The swift move they made to separate the compromised systems demonstrates proper handling of crises; however, this event underscores the importance of making cybersecurity a core part of their business strategy rather than merely an issue for the IT department.’
Issues started appearing a week ago, when customers faced difficulties using contactless payments, such as Apple Pay, at retail locations.
Although the issue was ultimately resolved, the company subsequently halted online ordering services, without providing any timeline for when these services would resume.
M&S informed the NCSC about the problems and brought in cybersecurity specialists to conduct a deeper investigation.
This piece was initially published on April 28, 2025.
Contact our news team by sending an email to
webnews@Sazua.com.co.uk
.
To find similar tales,
check our news page
.
Get the latest on all the buzzworthy stories by subscribing to Sazua.com’s News Updates newsletter.
