- M&S suffered a cyberattack that affected Click and Collect systems
- Stores were largely unaffected, except that some contactless payment systems were disabled
- It’s not clear yet if any customer data is affected
Marks and Spencer (M&S) has suffered a “cyber incident” that has affected stores for the last few days, resulting in “small changes” to store operations in order to protect customers “and the business.”
The retailer confirmed Click and Collect services were impacted by technical issues as a result, and some stores were unable to process contactless payments. It’s not yet clear if this incident has resulted in any breached customer or employee data, or if this was a ransomware attack, but customers should make sure to change their passwords and be on the lookout for suspicious activity just in case.
The retail giant has apologised for any inconvenience, and assures that it is working with “the best experts” to manage the incident – here’s what we know so far.
Business as usual
In a note to customers, M&S Chief Executive Stuart Machin apologised, confirming that stores remain open, and the retailer’s website and app are operating as usual.
“There is no need for you to take any action at this time, and if the situation changes we will let you know. There may be some limited delays to your Click and Collect order, which we are working hard to resolve,” Machin writes.
The retail industry is a frequent target for cyberattacks, as retailers often hold personally identifiable information such as customers’ names, email addresses, and shipping addresses. Criminals that can take control of systems can cost retail firms millions in downtime – gaining serious leverage in ransomware incidents.
M&S has confirmed to TechRadar Pro that all contactless payments are now back online in all stores, and that it has seen “positive comments from customers thanking us for our transparency and for store colleague support.”
In 2024, a supply chain attack hit some of the UK’s largest grocery stores, Morrisons and Sainsbury’s, as well as coffee shop Starbucks, taking some systems offline in a ransomware attack that saw over 680GB of data stolen.
For those affected
Marks and Spencer has not confirmed the nature of this incident, and so far no cybercrime group has taken responsibility for it, nor has any customer data been posted online.
That being said, customers would be wise to take some steps in the next few days just to be on the safe side and to get ahead of any repercussions if their information has been affected.
In an incident like this, where it isn’t clear what, if any, data has been affected, the first thing to do is to change your password, along with the password on any other sites where you use the same credentials. We’ve put together a guide on how to create a secure password to make sure you’re as safe as possible.
The next, and probably most important, step is staying vigilant. With your name and email address, a criminal can send sophisticated social engineering attacks, aimed at tricking you into handing over more information, or into inadvertently downloading malware.
Make sure you double-check any unexpected communications and email addresses – especially cross-referencing these against the legitimate email addresses (these can be found on Google).
Be especially wary of any email that asks you to enter any information, click a link, or scan a QR code. Phishing attacks using QR codes are becoming more common, and are more dangerous than ever before, so make sure anything you scan is verified beforehand.
If a criminal does email you, there will most likely be signs. The first is the email address the communication comes from – if it’s G00gle or M1crosoft instead of their legitimate addresses, just delete the email. If you get an unexpected text, email, or phone call from anyone claiming to be a “friend”, from a number or address you don’t recognise, especially one that asks you to sign in, send money, or buy a gift card, be very, very suspicious.