‘Cyber incident’ hits Marks & Spencer, causing delays for click and collect customers

Marks & Spencer has issued an apology following a "cyber incident" that disrupted operations at its stores in recent days, causing delays for click and collect customers.

The retailer confirmed it implemented "minor, temporary changes" to in-store procedures to safeguard customers and the business.

The incident follows social media reports over the weekend of customers unable to use contactless payment methods or collect online orders.

While contactless payments are reportedly now functioning again, disruptions persist for Click and Collect orders and returns.

In an email to customers, M&S chief executive Stuart Machin said on Monday that the chain had been “managing a cyber incident” over the past few days.

“To protect you and the business, it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experienced any inconvenience.

“Importantly, our stores remain open, and our website and app are operating as normal.”

open image in gallery

There is no need for customers to take any action at this time, Mr Machin said.

“If the situation changes, we will let you know.

“There may be some limited delays to your Click & Collect order, which we are working hard to resolve.”

M&S said it is currently working with cyber security experts to investigate and manage the incident.

The company is taking actions to protect its network and has also reported the incident to data protection supervisory authorities and the National Cyber Security Centre.

Jake Moore, global cybersecurity adviser at internet security firm Eset, said: “This highlights the significant impact cyber attacks can have in the public domain.

“Many ransomware attacks are dealt with behind the scenes which can make people think the problems are eroding but when customers are directly affected, the knock-on effects are far more widely noted.

“Luckily, it seems no customer data has been taken in the attack but this situation widens the reality that card-only payments may not yet be the answer in a time when cyber attacks are just as prevalent as they’ve ever been.”