Marks & Spencer (M&S) has confirmed it is managing a cyber incident that has caused minor disruptions to its store operations in the last few days.
Despite the security breach, the British retailer reassured customers that all stores remain open and that its website and mobile app are operating as normal.
In a statement released today, M&S said: “As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced. Importantly, our stores remain open and our website and app are operating as normal.”
The company apologized for any inconvenience but emphasized that customer trust remains a top priority.
In the wake of the incident, M&S says it has enlisted the help of external cybersecurity experts and has taken additional steps to bolster its network defenses. It also reported the incident to relevant authorities, including the UK’s data protection supervisory bodies and the National Cyber Security Centre (NCSC).
At this time, M&S has not provided specifics about the nature of the cyberattack or whether any customer data was compromised, saying it would provide further updates if the situation evolves.
The incident comes just ahead of a major corporate milestone: M&S’s financial year ended on 29 March 2025, with full-year results set to be announced on 21 May 2025. While it is unclear if the cyberattack will have any material impact on its earnings or operations, the timing adds pressure as the company prepares for its financial disclosures.
Retail in the Crosshairs
Marks & Spencer, a staple of UK high streets for over a century, joins a growing list of major retailers grappling with cybersecurity threats, underlining the continued risk attacks pose to these businesses and their customers.
High street retailer WHSmith confirmed it was hit by a cyberattack that exposed some of its workers’ personal data. The company said customer systems remained unaffected, but the incident is under investigation.
A few years before, a data breach at Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor compromised millions of customer payment cards. Parent company Hudson’s Bay reported the breach and launched an investigation to contain the attack.
And who could forget the Target breach that remains one of the largest in history, with hackers stealing data from 40 million credit and debit cards. Target ultimately paid an $18.5 million settlement, offering important cybersecurity lessons that still resonate today.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.