Excerpt from BBC Article, Published on Apr 22, 2025.
Marks & Spencer (M and S) has confirmed it is dealing with a cyber incident that has disrupted several core services, including its widely used Click and Collect feature and gift card payment system. Over the past few days, customers have taken to social media to express frustration over delays and technical glitches, prompting M and S to issue an official apology.
M & S Chief Executive Stuart Machin reassured customers in a public note, stating the company was forced to make “small changes” to store operations in response to the issue. While there is no immediate action required from customers, Marks & Spencer emphasized that it is actively addressing the situation and will provide updates if needed. The incident has triggered an investigation by the Information Commissioner’s Office (ICO), with Marks & Spencer reporting the breach to both the ICO and the National Cyber Security Centre. The retailer also confirmed it has brought in external cyber security experts to help investigate and contain the impact.
Despite the reassurances, customers are still facing delays with Click and Collect orders and have reported issues with using gift cards in-store. Some have described the situation as a “total failure for customers,” criticizing M and S for not issuing timely updates. Cybersecurity experts view the Marks & Spencer incident as a wake-up call for businesses to reassess their cyber resilience. According to Daniel Card from the Chartered Institute for IT, the breach highlights how even well-resourced companies like M and S remain vulnerable to cyber threats. The attack coincided with the busy Easter trading weekend, a peak period for retailers like M and S. Experts, including Ian McShane of Arctic Wolf, believe attackers may have deliberately timed the incident for maximum disruption.
To delve deeper into this topic, please read the full article BBC.
