Cyber Chaos: M&S Halts Online Orders After Major Cyber Attack

Marks & Spencer (M&S) has paused all online orders following a significant cyber attack that began causing issues over the weekend. Customers reported various problems, prompting the retailer to label it a ‘cyber incident’ by Tuesday. M&S has stopped all online transactions, including food deliveries and clothing sales, and is issuing refunds for purchases made on Friday. The company’s shares dipped 5% upon the announcement but have since begun to recover.

In a message posted on X (formerly Twitter), M&S expressed their apologies for the inconvenience and reassured customers that a team of cybersecurity experts is working diligently to restore services. Despite the online issues, physical stores remain operational.

Previously, customers encountered difficulties using contactless payments, Click & Collect, and gift cards. M&S confirmed that these payment methods are currently unavailable both online and in-store. However, for customers who received notifications that their items are ready for collection, they can still pick them up at the store. M&S has suspended return shipping, holding all collected parcels in stores until the situation stabilizes.

Many customers have vented frustrations over what they perceive as poor communication from M&S regarding these issues, particularly regarding gift card usage. Some customers have shared their ongoing struggles to utilize their gift cards despite reassurances from the company. Nevertheless, others have praised in-store staff for their support during this time.

The cyber incident has raised concerns within the cybersecurity community. Experts speculate that the impact could be devastating for M&S, as a significant portion of its sales occurs online—approximately a quarter. Cybersecurity specialists believe these types of attacks can severely cripple both digital and physical retail operations, emphasizing the substantial revenue loss retailers can face during such disruptions.

Moreover, the Information Commissioner’s Office and the National Cyber Security Centre (NCSC) have been informed and are involved in assessing the situation. M&S’s decision to temporarily halt online services is part of a strategy to manage the ongoing cyber crisis effectively.

In recent months, M&S isn’t alone in facing major IT disruptions. Other retailers and banks have similarly dealt with significant outages, highlighting a growing trend of vulnerabilities in online services across various sectors. This event serves as a reminder of the critical nature of cybersecurity in the retail industry, especially as the digital landscape continues to expand.