Pierluigi Paganini April 23, 2025

Marks & Spencer (M&S) confirmed it’s managing a cyber incident after multiple customer complaints surfaced on social media.

Marks and Spencer Group plc (M&S) announced it has been managing a cyber incident in recent days with the help of external cyber security experts. Customers report outages affecting card payments, gift cards, and M&S’s Click and Collect service across electronic payment systems.

“Marks and Spencer Group plc (the Company, or M&S) has been managing a cyber incident over the past few days. As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced. Importantly, our stores remain open and our website and app are operating as normal.” reads the Cyber Incident Update published on the London Stock Exchange.

“The Company has engaged external cyber security experts to assist with investigating and managing the incident.”

The company immediately reported the incident to the relevant data protection supervisory authorities and the National Cyber Security Centre. The company did not share technical details about the attack.

M&S is a major British multinational retailer headquartered in London. Founded in 1884, it’s best known for selling clothing and home goods and food products. It is listed on the London Stock Exchange (LSE) and is a constituent of the FTSE 100 Index.

The company operates both physical stores and online services, with a strong presence in the UK and some international markets. It’s a household name in the UK, often associated with tradition, quality, and British heritage.

“We are taking actions to further protect our network and ensure we can continue to maintain customer service,” continues the update.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs –hacking, Marks & Spencer)