Marks and Spencer has apologised for a recent cyber incident affecting contactless payments and click-and-collect orders across UK stores. Despite operational challenges, stores remain open and staff have been praised for their professionalism.
Marks and Spencer (M&S) has recently experienced a significant disruption affecting customer payments and order fulfilments across multiple UK stores. The retailer issued an official apology following a “cyber incident” that has been ongoing for several days, which impacted the ability to make contactless payments and process click-and-collect orders.
The company’s chief executive, Stuart Machin, acknowledged the challenge in a statement released on Tuesday, 22 April, explaining that the issue led to the temporary introduction of some operational changes in stores to manage the situation. Despite the difficulties, Machin reassured customers that all M&S stores remain open, and the brand’s website and app continue to function normally. Importantly, he confirmed that there is no current evidence of individual data breaches and customers were told no action was required on their part. Should circumstances change, Machin pledged swift communication to keep customers informed.
Although the incident initially sparked frustration among shoppers—some expressing annoyance on social media after being told to pay with cash—the response from customers has shifted positively, particularly regarding the handling of the situation by store staff. Numerous customers took to social platforms to commend M&S employees for their professionalism and compassion during the disruption.
A customer reflecting on the experience at the Brooklands store said: “I had a suit fitting booked in your Brooklands store on Monday at 12:30. Because of the incident your staff didn’t know I was due to attend so they weren’t ready for me. But that didn’t stop them. Graeme the suit fitter was an absolute diamond and couldn’t have been more apologetic or helpful. Thank you M&S.”
Other customers shared similar sentiments, highlighting excellent service at different locations. One noted, “Staff at Basingstoke Festival Place were excellent yesterday. M&S always go the extra mile to ensure customers have the best experience.” Meanwhile, praise continued for teams at Ellesmere Port and Team Valley Gateshead, where staff were commended for their grace in dealing with challenges and for supporting customers with clear guidance and alternative solutions.
M&S CEO Stuart Machin concluded his apology by expressing gratitude to “the best experts” and colleagues working tirelessly to resolve the issue. He emphasised the value of customers’ trust, calling it “incredibly precious” to the company.
Marks and Spencer, a long-established British retailer founded as a market stall in Leeds in 1884, remains a key player in the UK retail landscape. It offers a diverse range of products, including clothing, accessories, homeware and food, catering to all age groups. The recent incident has tested the resilience of the business and its staff, who have received widespread public recognition for their dedication amid the disruption.
Source: Noah Wire Services
- https://www.infosecurity-magazine.com/news/ms-grapples-with-cyber-incident/ – This URL corroborates the occurrence of the cyber incident at Marks & Spencer, which affected in-store services like contactless payments and click-and-collect orders. The article also mentions that M&S has engaged external cybersecurity experts to manage the incident.
- https://techcrunch.com/2025/04/22/marks-spencer-confirms-cybersecurity-incident-amid-ongoing-disruption/ – This article provides details about the cyber incident at M&S, noting disruptions to in-store payment services and click-and-collect orders. It also mentions that the company’s website and app remain operational.
- https://www.retailgazette.co.uk/blog/2025/04/ms-cyber-incident/ – This source confirms the cyber incident has caused issues with contactless payments and click-and-collect services across UK stores. It highlights the technical challenges faced by shoppers.
- https://www.enterpriseitworld.com/marks-spencer-hit-by-cyberattack-disrupts-in-store-services/ – This article reports on the cyberattack affecting M&S’s in-store services, including contactless payments and click-and-collect orders. It also notes that there is no evidence of personal or payment data being compromised.
- https://www.noahwire.com – This URL is mentioned as a source for the original article, although specific details from Noah Wire Services regarding Marks & Spencer are not available in the search results. However, it would provide context to the story.
