Cyber attack forces M&S to stop taking orders online sending shares plummeting

BRISTOL, UNITED KINGDOM - AUGUST 11: In this photo illustration a laptop displays the Marks and Spencer website on August 11, 2014 in Bristol, United Kingdom. This week marks the 20th anniversary of the first online sale. Since that sale - a copy of an album by the artist Sting - online retailing has grown to such an extent that it is now claimed that 95 percent of the UK population has shopped online and close to one in four deciding to shop online each week. (Photo Illustration by Matt Cardy/Getty Images) — The retailer has not disclosed the nature of the cyber incident (Picture: Getty Images Europe)

Marks and Spencer paused all online and app orders, days after a cyber incident paralysed its contactless payment system.

M&S was rocked over Easter by technical issues that meant shoppers could not tap their cards to pay or click and collect.

The supermarket chain confirmed Tuesday the hiccups were down to a ‘cyber incident’, with no reports of customer data being compromised.

While systems were briefly back online, payment systems were unplugged once again as part of its ‘proactive management of the incident’.

In the days since, shares of the FTSE 100 retailer have tumbled to 377p from 411p last week.

M&S said today that it has now paused taking orders via its UK & Ireland websites and apps and some M&S International-operated websites.

M&S Marks and spencers — The retailer said shoppers can still browse online (Picture: M&S)

‘The M&S product range is available to browse online, and our stores remain open and ready to welcome and serve customers,’ it said in a statement released this afternoon.

‘We continue to manage the incident proactively and the M&S team – supported by leading experts – is working extremely hard to restore online operations and continue to serve customers well.

‘We previously informed customers that there was no need to take any action. That remains the case, and we will let them know, if the situation changes.

How can M&S customers protect themselves from cyber scams?

Cybersecurity experts caution that customers should be ‘wary’ of any communication they receive about their recent M&S orders.

‘In the aftermath of a cyber incident, we often see a spike in related malicious activity, as cyber criminals look to exploit the confusion and disruption,’ Robert Cottrill, technology director at digital transformation company ANS, told Metro.

‘Cyber attackers can take the opportunity to target M&S customers, for example with scam emails, texts, or even phone calls that seek to steal valuable data and information.’

On how customers can protect themselves, Cottrill adds: ‘Always be cautious of unsolicited contact, especially over the phone. Scammers can spoof numbers or even use AI to mimic voices. If you’re in doubt, hang up and verify the caller using the contact details listed on the official website.

‘Think twice before sharing personal details online or via email. If you’re asked for sensitive information like bank details, it’s likely a scam. Rather than clicking on links in suspicious emails, go directly to the company’s website to verify any requests – it’s a small step that could prevent a major phishing attack.

‘Reporting scams you come across is essential to ensuring others don’t fall victim, and slowing down their momentum.’

‘We remain grateful for the support that our customers, colleagues, partners and suppliers have shown during this time and will provide further updates, as appropriate.’

Metro understands that refunds are being processed at full-line stores but gift cards cannot be used as a payment option.

In 2023, more than nine in 10 in-store card transactions in M&S under £100 were contactless.

Get in touch with our news team by emailing us at webnews@metro.co.uk.

For more stories like this, check our news page.