M&S Still Suffering Cyber Incident Consequences, Processes Offline

share
Header image

M&S Still Suffering Cyber Incident Consequences, Processes Offline

share

M&S says some processes have been taken offline.


Contactless payments and click-and-collect at M&S remain unavailable days after a cybersecurity incident at the retailer forced it to take the services offline.

According to Computer Weekly, further details of the incident, which began on Monday 21st April remain unavailable, but M&S has enlisted third-party cyber forensics, as well as working alongside the National Cyber Security Centre (NCSC), to establish the facts.

Separate Issue

A separate issue had dogged contactless payments earlier in the Easter weekend. A branch in central London visited by SC UK on the evening of Thursday 24th saw staff informing potential customer that they were ‘cash only.'

In an update, M&S said it made the proactive decision to move some of its processes offline “to protect our colleagues, partners, suppliers and our business.” 

We are incredibly grateful for the understanding and support that our customers, colleagues, partners and suppliers have shown. We are working hard to restore our services and minimise disruption and are being supported by industry-leading experts.

Matt Saunders, field CTO at Adaptavist, said: "If there has been an intrusion then it’s important to limit the effects and stop it spreading further, so it’s no surprise to hear that M&S has taken systems offline. While it may cause frustration to customers, if they don’t yet understand how bad an incident is, the right thing is to take systems offline to protect them. Whilst everyone wants their systems back up as soon as possible, protecting customers and their data will take priority for any customer-focused company."

Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Cyber CrimeDetection and Response Published: 25 April Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

Cyber incident involving rerouted payment drains Zephyr of £700K

Cyber incident involving rerouted payment drains Zephyr of £700K

 Hijacked NHS Scotland domains push adult content

Hijacked NHS Scotland domains push adult content

 UK cybercrime significantly outpaces police staffing growth

UK cybercrime significantly outpaces police staffing growth
Fraud losses top £629M as UK ramps up enforcement

Fraud losses top £629M as UK ramps up enforcement

 Youth cybercrime radicalization driven by online platforms, NCA leader says

Youth cybercrime radicalization driven by online platforms, NCA leader says

 Global cybercrime clampdown disrupts over 45K illicit IP addresses

Global cybercrime clampdown disrupts over 45K illicit IP addresses
Report: UK cyberattacks grow faster than global rate

Report: UK cyberattacks grow faster than global rate