Retail giant assures no data breach; incident reflects growing cyber threats to UK retail sector
British retail major Marks & Spencer (M&S) confirmed a cyberattack that disrupted in-store services over the Easter weekend, affecting contactless payments and Click & Collect orders. While online operations remained unaffected, store-level services faced intermittent outages, triggering customer frustration and operational delays.
The company emphasized that there is no evidence of personal or payment data being compromised and assured customers that IT teams are working with external cybersecurity experts to investigate the breach. The incident has also been reported to the National Cyber Security Centre (NCSC) for further analysis.
The attack comes amid a string of cyber incidents impacting UK businesses, including WH Smith and Royal Mail, underscoring rising threats to the retail sector’s digital infrastructure.
The company has pledged to enhance its cyber resilience and maintain transparency with affected users.
As cyberattacks grow more frequent and complex, the incident at M&S highlights the urgent need for robust cybersecurity frameworks across retail and other consumer-facing industries.