Marks & Spencer hit by cyberattack

Marks and Spencer cyberattack affects orders and payments

British retailer Marks & Spencer (M&S) has experienced a cyber incident that caused significant disruption to its services. Customers reported problems placing online orders and using contactless payments both online and in-store.

A disruption in the digital checkout

On April 22, M&S confirmed that a cyberattack had affected its systems. The incident caused issues with online orders, click-and-collect services, and in-store contactless payments.

The company quickly issued a public apology and stated that its teams were working with external cybersecurity experts to resolve the problem. So far, there is no evidence that customer data has been compromised.

M&S said in a statement: “We’re sorry some customers have had issues, we’re urgently working to resolve things.”

A growing trend in retail cyberattacks

Although details about the nature of the attack remain unclear, it follows a trend seen across the retail industry. Large companies are increasingly targeted by cybercriminals looking to disrupt operations and damage trust.

Attacks like this often focus on critical systems such as payment infrastructure and order fulfilment. Disrupting these services can be more damaging than stealing data, especially when it impacts thousands of customers in real time.

What we know so far

At this stage, M&S has not disclosed how the attackers gained access to their systems. The exact method remains unknown, but experts speculate that it could involve tactics such as malware, ransomware, or phishing.

The investigation is still ongoing, and M&S is working closely with cybersecurity specialists to restore full functionality and determine the root cause of the incident.

In the meantime, if you're curious about what these types of attacks involve, we've broken them down for you: You can learn how malware sneaks into systems and causes chaos, what makes ransomware so effective for extortion, and how phishing tricks even the savviest users. Knowing the signs of each is key to staying secure in today’s threat landscape.

Building stronger cyber resilience

While the full impact of this incident is still being assessed, it highlights the importance of strong cybersecurity in the retail sector.

• Companies can take steps to protect themselves, including:

• Limiting access between systems to prevent widespread damage

• Monitoring systems continuously for suspicious activity

• Training employees to recognise phishing and social engineering tactics

• Testing response plans regularly

At Moxso, we believe cyber resilience is about preparation as much as it is about reaction. The sooner a threat is identified and contained, the less damage it can cause.

What happens next?

M&S has promised to share more information as soon as it becomes available. In the meantime, the company is working to resolve technical issues and reassure customers.

If you’ve recently used M&S services, keep an eye on your accounts and be cautious of any messages claiming to be from the company. Cybercriminals often use moments of confusion like this to launch follow-up attacks or phishing scams.