
Marks & Spencer (M&S) is still struggling to recover from what appears to be a malicious cyberattack on its systems last weekend. On Friday, the UK retailer announced that it has suspended all online sales transactions for the foreseeable future, leaving customers vulnerable to inevitable phishing attacks, security experts tell Cybernews.
It’s been nearly a week since M&S's payment systems were disrupted last weekend in an unexplained cyber event, leaving customers’ online purchases suspended in cyberspace and causing chaos for shoppers at the retail giant’s 1,049 store locations.
The London-headquartered conglomerate filed notice with the UK’s National Cyber Security Centre (NCSC) on Monday, revealing it “has been managing a cyber incident over the past few days.”
In a new update to its X account on Friday, M&S confirmed that all online and app sales have now been paused as it continues to investigate and attempt to mitigate the incident. Gift cards are also not being accepted.
“As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps,” M&S said, adding that it is “truly sorry for this inconvenience.”
The company, which has resorted to issuing refunds for unfulfilled online orders, said its in-person locations are still open and the M&S app remains available for browsing.
An update from M&S pic.twitter.com/PSbIGHJtMY
M&S (@marksandspencer), April 25, 2025
William Wright, CEO of cybersecurity consulting firm Closed Door Security, said the pause in online and app sales “will create a huge inconvenience for customers and will also significantly impact M&S financially.”
“Data shows that almost a quarter of the store's sales happen online, so no matter how long this pause is put in place, it will hurt M&S financially,” Wright pointed out.
Be wary of phishing scams
In Friday’s update, M&S reiterated it has brought in leading outside cybersecurity experts who are “working extremely hard” with in-house IT teams to restart the e-commerce portions of the website and app.
M&S reminded customers that there was “no need for them to take any action” and that customers would be notified by the company if circumstances change.
Still, Wright noted that even with M&S assuring customers they have not been affected, “this could change at any time, particularly while forensics are still ongoing.”
In the interim, Wright recommends M&S customers keep an eye on their online accounts and bank statements, and also be on guard for phishing attacks.
“We don't know if criminals have accessed any customer data, but it's always safer to be on guard… and treat all communications with caution,” he said.
One M&S customer has already reported they were the victim of an attempted vishing attack.
“Yesterday I received a NoCallerID who wanted to scam me using my name and last 4 digits of my credit card. I hung up and wasn’t scammed. However, I tried to return an online order to M&S and their staff said systems were down. Now there’s an admission of a cyber attack,” they posted on X.
Michelle Mallin (@michelle_m74727), April 25, 2025
Marks & Spencer has not yet revealed what caused the cyber incident, which appears to have all the hallmarks of a typical ransomware attack, although no threat group has claimed responsibility for the attack at the time of this report. Furthermore, M&S has not said whether sensitive information, such as customer or employee data, has been subject to unauthorized access.
Cybernews contacted Marks & Spencer on Tuesday, but the company has not responded.
“Attackers could send out phishing emails, designed to look like genuine communications in relation to the incident, but are actually aimed at tricking recipients into handing out their personal or financial information,” Wright explained.
Wright said customers should “avoid clicking on links and attachments from unknown senders and always check the address where an email is coming from.”
The CEO added that customers should also stay updated on any developments by regularly checking the M&S corporate website and monitoring official M&S social channels.
Established in 1884, the food, beauty, clothing, and home goods retailer serves millions of customers worldwide. M&S employs approximately 75,000 workers and, in 2024, reported annual revenue of £13 billion.
Marks & Spencer brands include Autograph, Blue Harbour, Boutique, Goodmove, Jaeger, M&S Collection, Per Una, Rosie, as well as M&S Bank, which provides financial services such as credit cards, savings, and insurance.
M&S said it was incredibly grateful to its customers, colleagues, and partners for their understanding and support.