Marks & Spencer (M&S) has confirmed it has been managing a cyber incident over the past few days, prompting temporary operational changes across its UK business. The company reassured customers that its stores, website, and mobile app remain fully operational, although minor disruptions have occurred.
In a letter to customers, M&S Chief Executive Stuart Machin addressed the situation, explaining the company’s swift response to safeguard customer data and maintain business continuity.
“To protect you and the business, it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experienced any inconvenience,” the letter read.
While no specific details were shared regarding the nature or scope of the cyberattack, M&S acknowledged there may be limited delays to Click and Collect orders. The retailer said teams are actively working to resolve the issues.
M&S stressed that there is no need for customers to take any action, adding that any significant updates will be communicated directly.
“We know how much our customers trust M&S, and that trust is incredibly precious to us,” said Machin. “We have been working hard with the best experts to manage this.”
The company praised its staff and external partners for their rapid response and thanked customers for their continued loyalty and patience during the disruption.
Cybersecurity experts have commended M&S for its transparency and swift customer communication amid growing concerns over cyber threats in the retail sector.
Customers seeking more information are encouraged to monitor official M&S communications. The company has not indicated whether any personal data was compromised, nor has it disclosed whether the incident involved ransomware or another form of cyber intrusion.
This development follows a broader trend of UK retailers strengthening their cybersecurity defences in response to the increasing frequency of cyberattacks targeting customer-facing systems.
