UK retail giant Marks & Spencer has confirmed it is managing a cybersecurity incident, following several days of service disruption that affected store operations and customer experiences. The company disclosed the Marks & Spencer data breach incident in a filing to the London Stock Exchange on April 22, 2025, and reassured customers that while some operations were temporarily adjusted, its stores remain open and both its website and app are currently functional.
The Marks & Spencer data breach incident has raised concerns about cybersecurity preparedness in large retail chains. According to the official filing released at 14:14 BST on Monday, Marks & Spencer took quick action after detecting the breach. The company stated:
“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business, and we are sorry for any inconvenience experienced.”
Details of the Marks & Spencer Data Breach
While the full extent of the cyberattack on Marks & Spencer remains unclear, the retailer emphasized that it has engaged external cybersecurity experts to assist with the investigation and mitigation efforts. Additionally, the incident has been reported to the National Cyber Security Centre (NCSC) and relevant data protection authorities.
So far, Marks & Spencer has not confirmed whether customer data has been compromised, a key detail eagerly awaited by both the public and cybersecurity observers. The company has promised further updates should the situation evolve.
This data breach at Marks & Spencer has already impacted some in-store services, including its popular Click & Collect function. On the social media platform X (formerly Twitter), customers have expressed frustration with ongoing technical issues.
Social Media Users Share New Stories
One user, @JohnWH79, posted on April 19:
“Do companies even have business continuity plans anymore? Computers go down and even the basics seem impossible. ‘Sorry sir, finding parcels is what the computer does.’”
In response, Marks & Spencer’s official X account acknowledged the disruption and issued an apology:
“… is now back up and running. Please accept my sincere apologies that at the time you visited your local store, this issue directly affected you, as well as other customers.”
However, further comments from customers suggest the issues are not entirely resolved. As of April 22, Click & Collect services in some stores remain down, prompting more concern.
M&S replied to one such comment:
“We are working hard to resolve some technical issues in our stores, and we are not able to process click and collect orders in some stores at this time. Apologies for the inconvenience – Amelia.”
Customers also questioned the absence of basic contingency plans. One post asked why no manual system, like “paper and pen,” was in place during the downtime.
Conclusion
The Marks & Spencer cyberattack comes at a pivotal moment for the retailer, with its financial year having ended on March 29, 2025, and full-year results set for release on May 21. As analysts closely monitor the potential impact on customer confidence and company performance, Marks & Spencer has yet to issue further statements beyond official filings and social media responses.
While representatives such as Fraser Ramzan and the Corporate Press Office remain available for inquiries, no new information has emerged regarding the nature or scope of the data breach at Marks & Spencer. This is an ongoing story, and The Cyber Express will be closely monitoring the situation, and we’ll update this post once we have more information on the attack.
