M&S checkout chaos persists as cyberattack fallout continues

News
By published

Frustration for M&S shoppers continues

Marks and Spencer store UK
(Image credit: Shutterstock.com / WD Stock Photos)
  • M&S facing ongoing disruption after a cyberattack
  • The attack has affected contactless payment and Click and Collect systems
  • It's still not clear if any customer data is affected

British retail giant Marks and Spencer has had to take some systems and processes offline after suffering a cyberattack which disabled contactless and Click and Collect services in stores.

The disruption has now continued for several days, with many stores still unable to process contactless payments, and Click and Collect now paused in all stores.

The retailer confirmed in a statement that in order to protect colleagues, partners, suppliers, and the business, M&S has “made the proactive decision to move some [of our] processes offline”, which would be consistent with the response to a ransomware attack - although its not yet clear if this is the case.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month.

Keeper generates and stores strong passwords so you never have to remember them again. Don’t let one weak password leave you exposed.

Preferred partner (What does this mean?)

View Deal

Retail at risk

Physical stores, the website, and the M&S App are still up and running, but this disruption could be seriously costly for a store as big as this - as operational losses and damage to reputation for stores can be costly.

The retail industry is a common target for cybercriminals, as even a few hours of downtime can cost millions of dollars, making firms more likely to pay a ransom, and therefore more vulnerable.

Earlier in 2025, Walmart membership programme ‘Sam’s Club’ was hit with a ransomware attack that reportedly affected thousands of staff - illustrating the sector’s vulnerability.

“The retail industry is operating on a very small profit margin, and therefore the amount of attention or budget they can give to addressing their cybersecurity posture is usually scarce,” explains Pierre Noel, Field CISO EMEA at Expel.

“To address this, retailers must implement a continuous cyber risk quantification programme. One of its outcomes is to generate and price credible incident scenarios, as well as to identify mitigating controls and their associated costs. This information is very meaningful for senior executives and the board, communicates effectively, and places the responsibility on them to determine which risks are acceptable and which are not.”

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.