M&S still struggling to get back to normal after cyber attack

M&S shoppers continue to experience frustrations as the company struggles with the aftermath of a recent cyber attack.

Customers initially reported issues over the weekend with M&S confirming on Tuesday that it was dealing with a “cyber incident.” While the retailer stated on Wednesday that customer-facing systems were back to normal, it has since been forced to take additional systems offline as part of its “proactive management of the incident.”

M&S stated that the decision to move certain processes offline was made “to protect our colleagues, partners, suppliers and our business.” The company maintains that its stores remain open and that customers can still shop on its website and app.

The disruption has affected several key services. M&S had stopped processing contactless payments, paused click-and-collect order pickups in stores, and warned of potential delays in online order deliveries. And although M&S claims to have restored contactless payments since, some customers dispute this.

BBC staff reported witnessing significant disruptions, including staff at Euston station in London announcing that the store was operating on a cash-only basis due to the payment system outage. Similar disruptions were observed in Glasgow and a store in Edinburgh reportedly closed early.

However, confusion persists among M&S customers, particularly on social media. While the company has informed some customers on X (formerly Twitter) that contactless payments are available, this has been contradicted by other users, who report that only chip-and-pin or cash payments are being accepted.

Additionally, M&S has advised click-and-collect customers not to travel to stores “until they have received their ‘Ready To Collect’ email.” Some customers have also reported issues with this, with one individual stating that store staff were unable to retrieve their item even after receiving the collection email.

M&S has not disclosed the specific nature of the cyber attack, but the decision to take systems offline is often a response to ransomware attacks.

On Tuesday, M&S informed investors that it has engaged “external cyber security experts to assist with investigating and managing the incident” and is “taking actions to further protect our network and ensure we can continue to maintain customer service.”

The company has also reported the incident to the National Cyber Security Centre (NCSC), which confirmed it is “working with Marks and Spencer to support their response,” and the National Crime Agency, which is working with the NCSC to “better understand the incident and support the company.”

Not just any cyber incident…but an M&S cyber incident