British retail giant Marks & Spencer said on Monday an ongoing “cyber incident” has impacted its contactless payment systems and caused its in-store pickup purchases to go offline.
The London-based retail conglomerate filed notice with the UK’s National Cyber Security Centre (NCSC) on Monday, revealing it “has been managing a cyber incident over the past few days”.
On Saturday, in-store locations began reporting issues with their contactless payment systems, and customers complained of not being able to pick up their online purchases. It has been reported that all 1049 M&S stores across the UK have been affected.
“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business,” Marks & Spencer (M&S) said in a statement on Monday.
“Importantly, our stores remain open and our website and app are operating as normal,” it said, apologizing to customers for “any inconvenience experienced.”
The company said it was “taking actions to further protect our network and ensure we can continue to maintain customer service,” although it did not specify what those exact steps were.
It also did not disclose the cause of the cyber incident, nor say if any customer or employee data was accessed. Cybernews has reached out to Marks & Spencer and is awaiting a response at the time of this report.
CEO Stuart Machin on Monday also posted a message to M&S customers on social media about the alleged cyberattack.
"There may be some limited delays to your Click and Collect order, which we are working hard to resolve," he said.
"I know how much our customers trust M&S, and that trust is incredibly precious to us. Can I take this opportunity to thank you for shopping with us and for your continuous support. We really appreciate it," Machin said.
Established in 1884, the food, beauty, clothing, and home goods retailer serves millions of customers around the world. The company employs roughly 75,000 workers and in 2024, reported an annual revenue of £13 million.
Marks & Spencer brands include Autograph, Blue Harbour, Boutique, Goodmove, Jaeger, M&S Collection, Per Una, Rosie, as well as M&S Bank, which provides financial services such as credit cards, savings, and insurance.
Additionally, M&S said it has brought in outside cybersecurity experts to assist with the investigation. The company also noted that it would provide updates on the situation when appropriate, and that no customer action is needed at this time.
The incident has also been reported to “the relevant data protection supervisory authorities," M&S said.
Your email address will not be published. Required fields are markedmarked