Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
In a statement issued via social media, the company said the decision forms part of its “proactive management” of a suspected breach which has been ongoing for several days now.
“We have made the decision to pause taking orders via our M&S.com websites and apps,” the statement reads. “Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.”
The retailer reiterated that no action is required on the part of customers. At this stage there is no indication that personal information has been exposed.
“That remains the case, and if the situation changes we will let them know,” M&S said. “Our experienced team - supported by leading cyber experts - is working extremely hard to restart online and app shopping.”
The decision to suspend online shopping comes days after the company confirmed it had suffered a ‘cyber incident’. The source of this and exact details on the scope of damage at the firm is yet to be determined. However, contactless payments and online orders were impacted.
Rumblings over IT disruption at the retailer first emerged over the bank holiday weekend, with customers complaining they were unable to collect orders or make contactless payments. It’s believed these issues were linked to another incident.
But a separate investigation by the company showed it had been breached and it took “immediate action” to protect customers.
In its confirmation statement earlier this week, M&S said it had informed relevant authorities and was working closely with the National Cyber Security Centre (NCSC) to remediate the incident and mitigate further risk to customers and the company.
‘Material impact’ of M&S cyber incident unfolding
William Wright, CEO of Closed Door Security, said the latest update highlights that the incident is now having a “material impact” on the retailer’s operations.
“This will create a huge inconvenience for customers and will also significantly impact M&S financially,” he said. “Data shows that almost a quarter of the store's sales happen online, so no matter how long this pause is put in place, it will hurt M&S”.
Wright warned that despite the retailer’s insistence that customers have not been impacted, this “could change at any time, particularly while forensics are still ongoing”.
He advised M&S customers to remain vigilant for suspicious activity on their online accounts and bank statements, as well as for potential phishing scams seeking to capitalize on the disruption.
“We don't know if criminals have accessed any customer data, but it's always safer to be on guard,” he said.
“Attackers will also use the incident to send out phishing emails, which are designed to look like genuine communications in relation to the incident but are actually aimed at tricking recipients into handing out their personal or financial information.”
MORE FROM ITPRO
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
Westcon-Comstor unveils new managed SOC solution for Cisco partnersNews Powered by Cisco XDR, the new offering will enable partners to tap into new revenue streams, the company said
