British retail giant Marks & Spencer has confirmed a cyber incident that has paralyzed contactless payments and online ordering across the country. All 1,049 M&S stores have been affected.
Marks & Spencer (M&S) – one of the oldest retail operators in the UK – has reported a serious cyber attack that has disabled payment terminals and the online ordering system in stores. According to company representatives, the incident occurred over the past few days, and a notification has already been sent to the UK’s National Cyber Security Center.
The problems turned out to be massive: failures were recorded in all 1,049 stores across the country. Contactless payment services stopped working, and the “Click and Collect” function is temporarily unavailable. Despite this, the website and mobile app remain active.
In an official statement, M&S CEO Stuart Machin personally addressed customers, expressing gratitude for their patience and support. The company also assured that it had taken immediate measures to limit the damage and prevent the further spread of the threats.
Marks & Spencer is a company with a history of more than 140 years, which owns many brands in the field of clothing, food, cosmetics and banking. In 2024, the chain earned £13 million, serving millions of customers and having a staff of 75,000 employees.
It has not yet been revealed which group was behind the attack, but the company has already brought in external cyber experts to analyze the situation. It has not yet been confirmed whether the personal data of employees or customers was stolen, but M&S promised to promptly inform victims if the leak is confirmed.
The cyber incident at Marks & Spencer is another example of how vulnerable even a powerful retail chain is. The chain has not only lost its functional services, but also suffered a reputational blow. This is a signal for all businesses: investing in cyber protection should be a priority, and it is important to have not only security systems, but also a rapid response strategy.
197 
149 
133 