Marks and Spencer (M&S) has paused all sales on its website and mobile app while dealing with a cyber security incident. A spokesperson shared this update on social media, saying they made the decision as part of their proactive management. Customers can still browse products online, but they can’t place orders for now. M&S regrets the inconvenience and assures that stores remain open.
Earlier this week, M&S mentioned there was no immediate action required from customers, and that remains unchanged. Their team, alongside cyber security experts, is working hard to restore online shopping.
This incident began over the Easter weekend and initially impacted contactless payments and click-and-collect services. Speculation about possible ransomware or extortion has surfaced, though M&S hasn’t confirmed this.
M&S is collaborating with third-party security providers and the National Cyber Security Centre (NCSC) to understand what happened. Often in these situations, detailed information is scarce during the initial investigation to avoid complicating matters further.
William Wright, CEO of Closed Door Security, noted that the incident is significantly impacting M&S, as online sales make up nearly a quarter of its revenue. Even a short pause could have financial repercussions.
While M&S asserts that customer data hasn’t been compromised yet, Wright warns that this could change as more details emerge. He advises customers to monitor their online accounts and bank statements closely.
Scammers may exploit this situation, creating phishing campaigns that appear to come from M&S, potentially tricking customers into sharing personal information.
Wright emphasizes the importance of vigilance. He suggests avoiding links or attachments from unknown sources and recommends checking email addresses carefully. For reliable updates, he advises visiting the official M&S website or checking their social media channels.