Marks & Spencer has issued an apology after a ‘cyberincident’ disrupted contactless payments in its stores.
The retailer said delays to click-and-collect orders were ongoing but assured customers it was ‘working hard to resolve’ the issue.
It also told customers and staff that no action was required on their part, suggesting no personal data had been compromised.
In a statement to the stock exchange, M&S said it had deemed it “necessary to make some minor, temporary changes to our store operations to protect customers and the business” and added that it was “sorry for any inconvenience experienced.”
Jamie Moles, Senior Technical Manager at ExtraHop, said: “While we don’t yet have the full details of the M&S cyber incident, the company’s dedication to protecting the network highlights the critical importance of a modern network security strategy.
“Incidents like this demonstrate how essential it is to have real-time visibility, threat detection and rapid response capabilities across all digital infrastructure. Network visibility can play a pivotal role, helping organisations detect anomalies early, isolate potential threats and maintain service continuity.
“In today’s environment of increasingly sophisticated attacks, proactive network security isn’t just a technical requirement, it’s a core part of exposing risks and maintaining operational resilience.”
James Hadley, Founder and Chief Innovation Officer at Immersive, said: “No matter how big or small, breaches have the potential to damage an organisation’s bottom line, making frequent cyberdrills essential to limiting their impact. As the threat landscape continues to evolve, offering realistic crisis simulations is necessary to instil confidence in business leaders and give them the proof they need to better understand their organisation’s cyber capabilities and shortcomings.
“In a world where a data breach or disruption is seemingly inevitable and increasingly expensive, check-the-box awareness is no longer enough. Hands-on, measurable exercising programs for specific individuals, teams and departments are essential in mitigating the impact of these events and ensuring businesses’ most sensitive data remains secure.”
