Marks & Spencer (M&S), the British multinational retailer, is grappling with the aftermath of a cyberattack that has disrupted parts of its operations. The company, known for its wide range of products from clothing to food and home goods, confirmed the breach in a statement to the London Stock Exchange.
Over the past few days, the cyber incident has affected some services, particularly its Click and Collect system, causing delays for customers awaiting online orders. M&S has assured the public that its physical stores, website, and app remain fully operational despite the disruption.
Immediate Response and Customer Impact
“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business,” the company stated.
- Customers using Click and Collect have been asked to wait for confirmation emails before visiting stores for pickups.
- M&S has apologized for the inconvenience, promising to resolve the issue promptly.
The company is working closely with external cybersecurity experts to investigate and manage the situation. Efforts are also being made to reinforce its network security.
ALSO READ: “DFIR Capability Maturity Assessment Framework” by ALGORITHA
Regulatory Notifications and Transparency
M&S has reported the incident to both the National Cyber Security Centre (NCSC) and relevant data protection authorities. While the retailer has not disclosed the specifics of the breach or whether customer data has been compromised, they have committed to providing updates if the situation escalates.
No Claims of Responsibility Yet
At this stage, no ransomware group or threat actor has taken responsibility. Cybersecurity analysts suggest that if ransomware is involved, attackers may attempt to pressure M&S privately before making any public statements or demands.
In similar cases, stolen data is often used as leverage to extract payments from victims. M&S has not confirmed whether this scenario applies, but continues to monitor the situation closely.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
Protecting Customer Trust
M&S emphasized that customer trust remains a top priority. The company reassured its 64,000 global employees and millions of customers that every possible measure is being taken to secure its systems and maintain services.
Key Takeaways:
- Operations Affected: Click and Collect delays, stores and online services still running.
- Response Team: External cybersecurity experts engaged.
- Authorities Informed: NCSC and data protection bodies notified.
- Customer Communication: Apologies issued, updates promised.
Marks & Spencer operates over 1,400 stores worldwide and has a long-standing retail reputation. This incident highlights the growing cyber threats even large, established companies face today. As investigations continue, attention will remain on how M&S navigates this challenge while maintaining customer confidence.