Last weekend (20th April 2025), Marks & Spencer (M&S), one of the UK’s leading retailers, experienced a significant cyberattack that disrupted key services across its operations. The incident affected contactless payments and delayed Click & Collect order pickups in stores, though M&S assured customers that its website and mobile app continued to function normally.
What Happened
The cyber incident began over the weekend, with customers reporting issues as early as Saturday. By Monday, M&S had implemented temporary changes to store operations to protect customers and the business. These included disabling contactless payment systems and limiting Click & Collect services.
While M&S has not disclosed the exact nature of the attack – such as whether it involved ransomware or data theft – it has stated there is currently no evidence that customer or employee data has been compromised. Nonetheless, the company has notified the UK’s National Cyber Security Centre and the Information Commissioner’s Office, and is working with external cybersecurity experts to investigate and contain the breach.
Current Status
As of April 23, M&S reports that contactless payment systems are back online, and stores, along with the website and app, are operating normally. However, some customers may still experience delays with Click & Collect orders. The company has apologised for the inconvenience and emphasised that customer trust and data protection remain top priorities.
Broader Context
This incident is part of a broader trend of cyberattacks targeting UK businesses. Recent victims include Transport for London, Royal Mail, and WH Smith. A 2022 government report indicated that 40% of UK businesses had experienced a cybersecurity incident in the prior year (The Guardian).
What You Should Do
While M&S has not advised customers to take specific action, it is generally recommended to:
- Monitor your accounts for any unusual activity.
- Be cautious of unsolicited communications claiming to be from M&S.
- Change your M&S account password if you have concerns, especially if you use the same password on other sites.
M&S has pledged to provide further updates if the situation evolves.
Strengthening Your Cybersecurity Posture
This recent cyberattack on Marks & Spencer has sent a clear message to the UK retail sector: cybersecurity is no longer optional – it’s business critical. Disruption to payments, delayed order fulfilment, and shaken consumer confidence are just a few of the consequences that even well-established brands can face.
This is not an isolated incident. With cyberattacks on the rise across sectors – from Royal Mail to Transport for London – businesses must shift from reactive to proactive strategies.
At MTI, we have been delivering end-to-end cyber security solutions and services for over 35 years, empowering organisations to anticipate threats, defend systems, and recover swiftly from incidents. We help you build resilience through a structured, lifecycle-based approach:
Assess & Advise
Our experts work with you to evaluate your current cybersecurity posture through detailed risk assessments, gap analyses, and penetration testing. This ensures we understand your specific vulnerabilities and compliance needs before recommending a tailored security strategy.
Design & Implement
Based on our findings, we design robust, scalable security architectures that integrate seamlessly with your business. Whether deploying new Privileged Access Management (PAM) tools or upgrading your endpoint protection, we ensure your defences are both practical and future-ready.
Monitor & Manage
Cybersecurity is not a one-time fix. Through our Managed Detection and Response (MDR) and other managed services, we provide 24/7 monitoring, real-time threat intelligence, and rapid incident response – so you’re always one step ahead.
Don’t wait for a breach to take action. Protect your customers. Preserve your reputation. Ensure business continuity.
Contact MTI today to schedule a cyber security consultation and find out how our end-to-end services can help safeguard your digital assets in an increasingly hostile threat landscape.