Marks & Spencer is keeping tight-lipped about a “cyber incident” that has hit the business after apologising to customers who have been affected by disruption to contactless payments and online orders in recent days.
The retailer insists it is “working hard to resolve” the issue, which it has reported to the National Cyber Security Centre and the Information Commissioner’s Office.
M&S has also hired cybersecurity experts to help investigate and manage the problem and was “taking actions to further protect our network” to ensure it could continue serving shoppers.
The incident began on Monday with contactless payments and click and collect orders hit across the UK; there was a separate technical problem on Saturday, which only affected contactless payments. Even so, some shops are not able to accept gift vouchers.
The retailer has told customers and staff they do not need to take any action, suggesting data has not been accessed.
In a statement to the stock exchange M&S said it had found it “necessary to make some minor, temporary changes to our store operations to protect customers and the business” and was “sorry for any inconvenience experienced”. It said stores remained open and its website and app were operating as normal.
“Customer trust is incredibly important to us, and if the situation changes an update will be provided as appropriate,” the company said in a statement to the City.
However, the stock market notification did not include details about when the incident took place or what kind of incident it is suspected to be, although cyber experts already have their suspicions.
ESET global cybersecurity advisor Jake Moore commented: “This highlights the significant impact cyberattacks can have in the public domain. Many ransomware attacks are dealt with behind the scenes which can make people think the problems are eroding but when customers are directly affected, the knock-on effects are far more widely noted.”
M&S says it will keep the public informed as the situation develops and will continue to implement protective measures to shore up its digital infrastructure.
For now, customers are advised to check the M&S website for updates on service availability and to consider using alternative payment methods when shopping in-store.
The incident at M&S adds to a growing list of similar attacks affecting major UK organisations, including Transport for London, WH Smith and Royal Mail.
Related stories
Ransomware fine fuels security warning to all UK firms
Cock-up culture: Staff guilty of 90% of data breaches
Ransomware victims who pay up are nearly all hit again
Gamers attacked as Fortnite firm suffers data breach
UK firms braced for fresh wave of ransomware attacks
UK firms still in dark over new cyber security measures
Be the first to comment on "Experts wade in as M&S plays down ‘cyber incident’"