British food and clothing retailer Marks & Spencer has apologised to customers following a cyber attack that disrupted its ‘Click and Collect and contactless payment services over the weekend. The chain’s chief executive, Stuart Machin, said in a note that the company had been forced to make temporary “small changes” to store operations “to protect […]
British food and clothing retailer Marks & Spencer has apologised to customers following a cyber attack that disrupted its ‘Click and Collect and contactless payment services over the weekend.
The chain’s chief executive, Stuart Machin, said in a note that the company had been forced to make temporary “small changes” to store operations “to protect you and our business”.
While its stores, website and app remain open to customers, it is working to resolve some “limited” delays to Click and Collect orders.
According to The Guardian, a separate technical issue also affected contactless payments over the weekend.
Read: How Deliveroo fuses threat intelligence and business strategy
“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business, and we are sorry for any inconvenience experienced,” a spokesperson said.
The statement added that the company has “engaged external cybersecurity experts to assist with investigating and managing the incident,” and has reported the incident to the “relevant data protection supervisory authorities and the National Cyber Security Centre.”
The source of the incidents has not yet been identified.
Cybersecurity professionals say the event underscores the vulnerability of businesses today, regardless of their size.
“This incident illustrates that no one is immune to cyber threats. Even household names can, and regularly do, fall prey to cybercriminals,” said Jamie Akhtar, co-founder and CEO at CyberSmart.
“The key lesson here is the importance of cultivating a positive and strong security culture throughout the organisation,” added Javvad Malik, lead security awareness advocate at KnowBe4.
“Cybersecurity can no longer be siloed within IT departments; it must be integrated into every aspect of business operations and decision-making processes.”
Verizon’s 2025 Data Breach Investigations Report (DBIR), released today, found that retail organisations have weathered a 15% increase in cyber incidents since 2024, with attackers now pivoting away from payment card data toward easier targets such as customer credentials, business plans, and reports.
