Marks & Spencer (M&S), a prominent UK retailer, is grappling with significant disruptions across its stores due to a recent cyber attack that has left many of its shelves bare. As customers flocked to M&S over the busy Easter weekend, they reported severe difficulties in using contactless payment systems, as well as issues with the Click & Collect service. Additionally, the company’s website and app have suspended online orders since the incident took place on Friday.
The extent of the disruption remains unclear; however, the retailer noted that there are “pockets of limited availability” in some of its stores across the UK. Reports indicate that the situation is particularly urgent as M&S navigates through a key retail season, when demand typically spikes in the lead-up to warmer weather. Analysts speculate that the fallout from the cyber attack could have dire implications for M&S’s profits, as many loyal customers opt to shop elsewhere amid the operational chaos.
Fortunately, the company has provided some reassurances to customers about the resolution of certain issues. Problems related to contactless payment, Click & Collect, and the usage of gift cards have reportedly been addressed. However, the challenge of accepting online orders persists, which is especially concerning given that approximately one-third of M&S’s clothing and household goods sales—amounting to about £1.2 billion—occur through its online platforms. The inability to process online transactions at such a critical time could severely hurt the company’s sales figures.
As the cyber attack’s repercussions continue to unfold, M&S’s operational leadership confirmed that it may take until the end of the week before they expect systems to be fully functional again. Since the attack, the retailer has opted to take several of its systems offline as a precautionary management strategy. A spokesperson for M&S stated, “We are currently working hard to restore availability across our estate.” While they have not disclosed specific details about the nature of the cyber attack, it marks a challenging time for the renowned retailer.
This incident is not an isolated occurrence in the retail sector or among UK businesses. Previously, other firms, including major supermarkets like Morrisons, encountered online service disruptions during Christmas 2024, and prominent banks such as Barclays and Lloyds experienced outages early in 2025. These events suggest that cyber security is becoming an increasingly critical issue that businesses in all sectors need to prioritize to avoid similar disruptions.
Understanding the context surrounding this cyber attack sheds light on the complexities faced by companies in today’s digital landscape. The ramifications of such incidents can extend well beyond immediate operational challenges, affecting customer trust, brand loyalty, and ultimately, financial performance. Retailers like M&S must not only respond to emergencies swiftly but also invest in robust cyber security infrastructure to safeguard against future threats.
As M&S works to rectify the situation, it will likely take a concerted effort to rebuild consumer confidence and restore full service capabilities. With many customers turning to alternate shopping options while M&S grapples with empty shelves and disrupted services, the retailer faces a crucial crossroads in managing its brand reputation and operational resilience moving forward.