Marks & Spencer halts online orders after a cyberattack disrupts operations and triggers recovery efforts.
British retail giant Marks & Spencer (M&S) has paused online orders after disclosing a cyberattack that disrupted several of its services. The multinational company, which operates more than 1,400 stores and employs 64,000 people worldwide, announced that its websites and apps would remain open for browsing but would not process new purchases while recovery efforts continue.
M&S, listed on the London Stock Exchange and a member of the FTSE 100 Index, reported £13 billion in revenue for the 2024 fiscal year. The cyber incident has also affected in-store services, including contactless payments and Click & Collect operations.
In updates provided to customers, M&S confirmed that the attack forced the company to take certain systems offline as a precaution to protect customers, partners, suppliers, and internal operations. Online orders that have already been placed will be held at stores indefinitely, regardless of collection deadlines, until the situation is resolved.
M&S has not disclosed the nature of the attack or whether customer data has been compromised, and no ransomware groups or other threat actors have publicly claimed responsibility. Ransomware operators often delay publicizing stolen data while they attempt to pressure victims into paying ransoms, so a larger extortion attempt could still unfold if data was exfiltrated.
In a statement, M&S said, “As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps. Our product range remains available to browse online. We are truly sorry for this inconvenience.”
The company also reassured customers through social media replies, explaining that all pending orders will remain held in stores and that teams are working “hard to restore services and minimize disruption.”
Marks & Spencer’s situation illustrates the growing vulnerability of major retailers to cyberattacks that disrupt both digital and in-person operations. As commerce relies on online infrastructure, attacks like these can create business risks, damage customer trust, and cause financial losses.
Retailers, particularly those with complex supply chains and high-volume customer data, face mounting pressure to strengthen their cybersecurity posture. Whether ransomware is ultimately confirmed in this case or not, M&S’s experience serves as a warning of how quickly operations can be derailed and indicates the need for proactive, resilient cybersecurity strategies.
Pausing transactions prevents further damage, protects customer data, and gives security teams space to investigate and contain the threat.
Retail systems are often interconnected, so an attack on online platforms can disrupt payment processing, inventory management, and order fulfillment systems in stores, too.
If data is exfiltrated, companies could face regulatory fines, lawsuits, reputational damage, and loss of customer trust, all of which can have long-term financial impacts.
Attackers often delay announcements to pressure victims privately for ransom payments before making stolen data public.
Customers should monitor their bank accounts and credit reports for suspicious activity and be cautious of phishing emails pretending to be from the retailer.