Marks & Spencer confirmed Tuesday that it is responding to a cybersecurity incident, following several days of operational disruptions and reported outages impacting customers.
In a customer advisory signed by its chief executive Stuart Machin, the British retailer acknowledged that it has been managing a cyber incident that occurred over recent days. The company explained that due to the incident, it was necessary to implement “operational changes” designed to safeguard both customers and the business.
Marks & Spencer assured customers that its physical stores remain open, and that its online platforms, including its website and mobile application, are currently operating as usual.
The exact nature of the cyberattack, as well as any potential implications for customer data and personal information, remain unclear at this stage. Marks & Spencer has yet to clarify the scope or specifics of what occurred.
In an official filing with the London Stock Exchange, the retailer confirmed having engaged external cybersecurity consultants to assist with the investigation while also alerting relevant data protection regulators as part of its compliance duties.
Customers initially raised concerns after experiencing payment terminal outages in various Marks & Spencer locations, alongside disruptions in fulfilling pick-up orders. Affected shoppers shared reports on social media platforms, prompting the retailer to publicly acknowledge it was actively addressing technical issues across its stores.
Marks & Spencer, a major presence in UK retail, reported serving approximately 32 million customers in its 2024 annual report.
