Marks and Spencer (M&S) has confirmed it is handling a cybersecurity issue that has disrupted some of its services over recent days.

The British retailer reported technical problems impacting its Click and Collect service and contactless payments, prompting numerous customer complaints on social media about delays.

In a statement on Tuesday, M&S CEO Stuart Machin apologized to customers and explained that the company had implemented minor operational adjustments in stores to safeguard both shoppers and the business.

He assured customers that no immediate action was required but promised updates if the situation changed.

The UK’s data protection authority, the Information Commissioner’s Office (ICO), has been informed. An ICO spokesperson stated that M&S had reported the incident and that they were reviewing the details.

In a notice to investors, M&S revealed it had enlisted external cybersecurity specialists to investigate and manage the breach. The company emphasized it was strengthening its network security to maintain customer service standards and had also alerted the National Cyber Security Centre.

Some customers reported delays in Click and Collect orders, while others faced issues using gift cards and vouchers in stores over the weekend.

One frustrated shopper described the situation as a “complete letdown” on social media, suggesting that advance warnings could have prevented unnecessary trips. Another customer in Liverpool claimed they were unable to pay with a gift card at an M&S store.

The retailer acknowledged ongoing technical difficulties affecting gift card processing and Click and Collect services.

Experts Warn of Growing Cyber Threats
Daniel Card from BCS, The Chartered Institute for IT, noted that the M&S incident highlights the disparity between perceived and actual cybersecurity readiness. He stressed that even large companies remain vulnerable, urging businesses of all sizes to take proactive security measures, such as securing devices and email systems.

This incident follows a series of IT failures affecting major UK retailers and banks. Last year, Morrisons faced chaos during Christmas orders, while Barclays encountered severe app and online banking issues in January, potentially leading to £12.5 million in compensation payouts.

In February, Lloyds and other banks experienced outages, disrupting payroll services for businesses.

Ian McShane, a cybersecurity expert at Arctic Wolf, pointed out that cybercriminals exploit peak trading periods, such as Easter—the second-busiest retail weekend after Christmas—to maximize disruption.

The M&S breach serves as another reminder that cyber threats persist, requiring constant vigilance from businesses.

Let me know if you’d like any adjustments or have another article to paraphrase!