Not just any cyber incident…but an M&S cyber incident

M&S has issued an update to customers following a cyber attack which left UK shoppers unable to use contactless payments or click-and-collect services over the Bank Holiday weekend.

In a message which was sent out to customers, the supermarket’s CEO Stuart Machin explained M&S had been “managing a cyber incident” over the last few days.

Shoppers reported widespread issues with contactless payments and click-and-collect services, leading to frustration and inconvenience.

In the email, Mr Machin explained that temporary changes to store operations were necessary “to protect you and the business” and offered a sincere apology for any inconvenience caused.

While M&S assured customers that its stores remained open and its website and app continued to function normally, the impact on in-store and online order collection was considerable. Numerous shoppers took to social media to express their frustration, reporting long queues at tills due to the inability to use contactless payment methods.

The cyber incident also caused delays to click-and-collect orders, with Machin acknowledging that M&S was “working hard to resolve” these issues. While the CEO advised customers that no immediate action was required on their part, the disruption undoubtedly impacted many individuals’ Bank Holiday plans and shopping experiences.

This marks the second significant tech-related issue for M&S in the past year. In May 2024, the retailer’s website and app were taken offline for several hours due to a third-party service failure. This latest incident raises questions about the resilience of M&S’s systems and the potential impact of cyber incidents on retail operations and customer experience.

Says Vonny Gamot, Head of EMEA at online protection company, McAfee:

“M&S has reported that it’s been managing a “cyber incident” over the last few days. Although the business has said there is no need to take action, it is good to be prepared and protect your online privacy and identity.

“Firstly, it’s important to know that high-profile attacks like this provide fresh opportunities for scammers. Unfortunately, fraudsters looking to capitalise on the situation will launch further rounds of phishing attacks, usually via email or text, that direct people to bogus sites designed to steal sensitive information.”

“You should also update your passwords and keep an eye on your bank and credit card accounts – if you see any charges that you didn’t make, report them to your bank or credit card company immediately. And if you suspect that your data has been compromised, you can place a fraud alert on your credit to ensure that any new or recent requests undergo scrutiny for suspicious activity.”