- M&S faces a continuous interruption after a cyber attack
- The attack has affected payment without contact and click systems and collect
- It is not yet clear if any client data is affected
The British retail giant Marks and Spencer have had to carry some systems and processes out of line after suffering a cyber attack that disabled without contact and clicks and collects services in the stores.
The interruption has now continued for several days, and many stores can not process payments without contact, and click and collect now in all stores. The new updates have confirmed that M&S has now stopped online orders as it deals with the attack, reports the Independent.
The retailer confirmed in a statement that to protect colleagues, partners, suppliers and business, M&S “has made the proactive decision to move some [of our] Out -line processes ”, which would be consistent with the response to a ransomware attack, although it is not yet clear if this is the case.
Retail value at risk
Physical stores, the website and the M&S application are still in operation, but this interruption could be very expensive for a store as large as this, since the operational losses and the damage to the reputation of the stores can be expensive.
The retail industry is a common objective for cybercriminals, since even a few hours of inactivity time can cost millions of dollars, which makes companies more likely to pay a ransom and, therefore, more vulnerable.
In early 2025, the Walmart ‘Sam’s Club’ membership program was beaten with a ransomware attack that, according to reports, affected thousands of staff, illustrating the vulnerability of the sector.
“The retail industry is operating with a very small margin and, therefore, the amount of attention or budget they can provide to address its cybersecurity position is usually scarce,” explains Pierre Noel, Field Ciso Emea in Expel.
“To address this, retailers must implement a continuous program of cyber risk quantification. One of its results is to generate and set the price of the scenarios of credible incidents, as well as to identify the mitigating controls and their associated costs. This information is very significant for the executives of Altos Altos and the Board, communicates effectively and places the responsibility to determine what risks are acceptable and which are not acceptable.
