M&S has admitted it is battling a cyber incident.

In an email received by SC UK, M&S CEO Stuart Machin said the company has been managing a cyber incident “over the last few days.”

Small Changes

Confirming that stores, website and its app are unaffected, but Click and Collect orders may face delays, Machin said “it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experienced any inconvenience.”

“There is no need for you to take any action at this time and if the situation changes, we will let you know,” he said. “We have been working hard with the best experts to manage this, and I want to thank them and my colleagues for their hard work.”

Ian McShane, cyber expert at Arctic Wolf, said: “The tech issues experienced by M&S over the Easter weekend highlight the fact cyber attackers never take a day off. Criminals are always on the lookout to cause the most disruption for the least amount of effort.

“Given the long weekend is the second biggest trading event for food and drink retailers after Christmas, this is exactly what happened here as the majority of the British public enjoyed the long weekend. 

“Incidents like this should serve as a reminder to other retailers on the importance of good cyber hygiene. It is vital they take the time now to evaluate their cyber defences to ensure they are robust enough to meet evolving cyber threats, even when workers are on holiday.”

Financial Gain

According to NCC Group’s 2024 Cyber Threat Intelligence Report on the Retail Sector, organised crime groups are most likely to be targeting retailers, seeking financial gain from direct theft and selling stolen PII for profit. “NCC Group ransomware statistics suggest that the retail sector remains a popular target,” it said.

Matt Hull, NCC Group's global head of threat intelligence, said: “This latest cyber incident should not be dismissed as an isolated event. For example ransomware cases in February rose by 50 percent from January with 886 attacks. There is an urgent need for all sectors to respond to this increased targeting from threat actors, but especially those storing huge amounts of data.

“Now more than ever businesses should expect to be a target for cyber criminals and take a proactive approach to security rather than waiting for potential threats to strike.”

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.