The Marks & Spencer (M&S) group has been dealing with a cyber incident in recent days that has compromised its Click & Collect service and contactless payments.

On Tuesday, the retailer informed the London Stock Exchange (LSE) and its customers of the cyber issue in a statement, explaining that it had engaged external cybersecurity experts to assist with the investigation and management of the incident.

M&S chief executive Stuart Machin said in a letter to customers there may still be some limited delays to its click and collect service, which the company is “working hard to resolve.”

“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced,” the retailer said in a notice to investors.

Although M&S didn’t provide further information on the glitch, global business technology business ITPro said the incident didn’t involve any breach of customer data.

Social media users have been reporting problems since Saturday, citing difficulties in making returns and the unavailability of Click & Collect orders in stores due to technical difficulties.

Complaints flocked on social media X, with a user calling the issue “a total failure for customers”, with comments highlighting how a simple message to customers would have helped manage the situation.

As it works to resolve the issue, M&S confirmed that its stores remain open and that its website and app continue to operate as normal.

“We are taking actions to further protect our network and ensure we can continue to maintain customer service,” it said.

The company has also reported the incident to the relevant data protection supervisory authorities and the National Cyber Security Centre.

“Customer trust is incredibly important to us, and if the situation changes an update will be provided as appropriate,” it said.

Daniel Card of the Chartered Institute for IT (BCS) emphasised to the BBC how the incident was “a reminder of the gap that often exists between our perception of cyber resilience and the reality.”

"Even well-resourced organisations aren't immune, which underlines the importance of action at every level," he added.

The move comes after Morrisons faced IT issues at the end of last year which led to orders being cancelled during the peak festive season. The glitch impacted More Card discounts, home delivery and Click & Collect orders just days before Christmas.







 

 

---