Marks & Spencer confirms a cyberattack as customers face delayed orders

Marks & Spencer (M&S) has disclosed that it is responding to a cyberattack over the past few days that has impacted operations, including its Click and Collect service.

The company is a British multinational retailer known for selling various products, including clothing, food, and home goods. Marks & Spencer operates over 1,400 stores and employs 64,000 employees globally.

The company confirmed the cybersecurity incident in a press release on the London Stock Exchange, stating that they are working with cybersecurity experts to manage and resolve the situation.

“Marks and Spencer Group plc (the Company, or M&S) has been managing a cyber incident over the past few days,” reads the M&S statement.

“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced. Importantly, our stores remain open and our website and app are operating as normal.”

“The Company has engaged external cyber security experts to assist with investigating and managing the incident. We are taking actions to further protect our network and ensure we can continue to maintain customer service.”

M&S did not provide specific details on the nature of the cyber incident but said it notified the data protection supervisory authorities and the National Cyber Security Centre.

While M&S stores, its website, and its app remain operational, the company says that the cyberattack has caused some disruption to its operations.

This includes delays in its Click and Collect order system, telling customers to wait for an email stating an order is ready for pick up before coming to the store.

In an email sent to affected customers, M&S apologized for the inconvenience and assured customers that efforts were underway to resolve the issues and resume regular service.

No ransomware gangs or other threat actors have claimed responsibility for the attack, and likely won’t for quite a while, as they pressure the company into paying an extortion demand.

However, if ransomware is behind this attack, data is likely stolen and will be used as further leverage to convince the company to pay.

BleepingComputer contacted Marks & Spencer with questions about the attack and will update the story if we receive a reply.