M&S Chaos: Leading British Retail Chain Attacked

Leading British retailer Marks & Spencer (M&S) has apologised to customers after a cyber incident affected contactless payments and the pick-up of online orders in its stores in recent days. M&S shoppers are facing further frustration at the checkout as the company struggles to recover from a cyber attack.

Customers began reporting problems on the weekend, with the retailer confirming on Tuesday 22nd April that it had suffered a damaging cyber attack. 

The incident began on Monday 21st April with contactless payments and click and collect orders affected in stores across the country. However, earlier there was a separate technical problem on Saturday 19th, which only affected contactless payments.

M&S has been forced to take some systems offline as part of its management of the attack. In many stores it was cash only as the payments system was down. M&S says it had made the "decision to move some of our processes offline to protect our colleagues, partners, suppliers and our business". Stores remain open and customers could "continue to shop on our website and our app", the statement added.

However, there is still confusion on social media amongst M&S customers and the firm has responded to some posts on X in the past few hours advising customers that contactless payments can be taken in stores.

In expert comment, Jamie Moles, Senior Technical Manager at ExtraHop, said: “While we don't yet have the full details of the M&S cyber incident, the company's dedication to protecting the network highlights the critical importance of a modern network security strategy. Incidents like this demonstrate how essential it is to have real-time visibility, threat detection and rapid response capabilities across all digital infrastructure...

Network visibility can play a pivotal role, helping organisations detect anomalies early, isolate potential threats and maintain service continuity,” Moles said.

M&S said it had reported the incident to the National Cyber Security Centre and hired cyber security experts to help investigate and manage the issue and was “taking actions to further protect our network” to ensure it could continue serving shoppers. 

@marksandspencer   |   Investiagate   |   TechRadar   |   BBC   |   Guardian   |   Standard  |  ITPro

Image: @marksandspencer
