M&S cyberattack shuts down key services as retailer scrambles to recover

Key systems taken offline to contain the ongoing cyber incident

Marks & Spencer (M&S) is still working to bring key systems back online after a cyber incident forced the retailer to disable several digital operations earlier this week.

The ongoing incident has left customers unable to use contactless payments and has disrupted click-and-collect orders, with delays to online deliveries expected to continue.

While physical stores remain open and the website and app are live, M&S has warned that key services remain offline as it works to contain the incident and investigate the cause.

“We are not currently processing contactless payments, we have paused the collection of Click & Collect orders in stores, and there may be some delay to online order delivery times,’ the company confirmed in its latest update on the incident.

The attack began over the Easter Bank Holiday weekend, one of the busiest shopping periods of the year in the UK. Customers quickly reported problems with payments, order collections, and the use of gift cards and vouchers. In some stores, staff announced that only cash or chip-and-pin payments could be accepted, with contactless systems down for several days.

M&S has not confirmed the nature of the attack, but as we reported earlier, the decision to move systems offline is a common response to ransomware threats.

Meanwhile, the company has reassured its partners and customers that it’s working with experts and will leave no stone unturned in its efforts to restore its services and minimise disruption.

Ongoing disruption raises questions about retail cyber readiness

While shoppers are likely to feel the impact of the outage, especially those relying on digital payments or online returns, the broader question revolves around how prepared large retailers really are for attacks of this scale.

Despite M&S offering limited transparency through regular updates, the lack of detailed timelines or clarity about the type of attack raises concerns. Other high-street names have often delayed confirming the extent of breaches or avoided public comment altogether.

Regardless of how transparent M&S chooses to be with this attack, one thing is for sure: the longer the outage continues, the harder it will be to avoid scrutiny, not just of the incident itself, but of the systems and contingency plans retailers have in place behind the scenes.

In its latest survey on UK cyber resilience, the Department for Science, Innovation and Technology found that cyber breaches and attacks remain alarmingly common among large businesses, with 74% reporting incidents in 2025. Despite this high rate, the survey also revealed that 44% of companies in the retail and wholesale sector continue to treat cybersecurity as a lower priority compared to other businesses.

This may help explain why UK retailers have become frequent targets for cyberattacks. In recent years, WHSmith, JD Sports, Transport for London and The Works have all been hit with varying levels of data breaches that forced them to take systems offline or suspend online sales, some involving compromised staff data and long operational downtime.

Want to know more? Computing 's Cybersecurity Festival returns to London in May, where senior IT decision makers can learn about modern challenges, compare strategies with peers, and source solutions. Click here to register for free.