Major UK retailer M&S discloses cyber incident

Major British retailer Marks & Spencer (M&S) has revealed that it has been impacted by a cyber incident, resulting in outages for contactless payment systems on in-store pick-up purchases.

M&S is a UK-based retail giant that sells clothing, homewares, beauty products, food and more. It has over 1,000 stores across the UK and employs over 70,000 people worldwide.

In a statement filed with the London Stock Exchange, M&S disclosed the cyber incident and said that it was forced to bring some systems offline to protect its customers.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“Marks and Spencer Group plc (the company, or M&S) has been managing a cyber incident over the past few days,” the statement said.

“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business, and we are sorry for any inconvenience experienced.

“Importantly, our stores remain open, and our website and app are operating as normal.”

The retail giant also responded to complaints made by customers online, who expressed their frustration at digital payment systems like gift cards and card payments not working, as well as delays to click and collect orders.

VIEW ALL

Cheers @marksandspencer for sending me this 2 hours AFTER I drove a 26 mile round trip to collect my parcel, only to be told I couldn’t have it (even though it’s there). What a wasted journey. I now have to drive back again in the next couple of days 😩 pic.twitter.com/wUdNjCMIz5
— Katie Crombie (@KatieC_says) April 22, 2025

M&S said it does not have a time frame for when the issues will be resolved but that it is currently investigating. According to reports, all 1,049 M&S stores in the UK have been affected.

“The company has engaged external cyber security experts to assist with investigating and managing the incident. We are taking actions to further protect our network and ensure we can continue to maintain customer service,” the statement said.

“In parallel, the company has reported the incident to the relevant data protection supervisory authorities and the National Cyber Security Centre.”

M&S has yet to disclose the nature of the cyber incident, nor has Cyber Daily observed any threat actors claiming responsibility for the incident.

Cyber Daily has reached out to M&S for more information.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Major UK retailer M&S discloses cyber incident

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED