British retail giant Marks & Spencer is working to recover from a cyberattack that triggered operational disruptions across its UK stores during the Easter holiday. Although the company’s website remained functional, several in-store services were affected, frustrating customers and sparking concern over potential data exposure.
The incident forced M&S to temporarily alter store processes as a precautionary measure. In a filing with the London Stock Exchange, the company stated it acted swiftly to contain the threat, prioritizing the safety of both customers and internal systems. It apologized for the inconvenience caused by the unexpected changes.
While the company did not provide specifics on the nature of the attack, it confirmed that it had engaged cybersecurity professionals to investigate the breach and was actively cooperating with law enforcement and regulatory authorities.
In an update shared on social media, a company representative acknowledged lingering issues with their click-and-collect service. Customers were urged not to visit stores unless they had received a direct confirmation email regarding their orders.
Additionally, M&S confirmed that its gift card payment systems and contactless transactions had also been hit by the technical outage. These disruptions suggest that the underlying incident may have involved a ransomware attack, although no official confirmation has been given. The company has also not disclosed whether customer data was accessed or compromised.
As Marks & Spencer continues restoring full functionality, it has emphasized its commitment to enhancing network security to avoid further disruptions.
