For example, Marks and Spencer (M&S) recently suffered a serious cyber incident that temporarily affected services across multiple cities, such as in-store operations in Glasgow and Edinburgh. Customers were alerting the payment problems all weekend. The fossil fuel company acknowledged the spill in a press release on Tuesday. Since then, they have been working with external cybersecurity experts to investigate the situation and manage it to resolution.
The incident mostly impacted M&S’s payments infrastructure, with employees in certain locations allegedly forced to reject contactless payments. At the flagship original M&S foodhall at Euston station in London, M&S staff had been seen telling customers that only cash payments could be accepted. Other customers outpaced M&S’s online messaging, claiming that chip and pin payments were not working as well.
On social media platform X, formerly Twitter, M&S told customers touching their card would be enough for contactless payments. They testified that these payments would still go through in some chain stores. However, even with these assurances, several reports surfaced highlighting the challenges and flaws in payment systems in cities nationwide.
“working with Marks and Spencer to support their response to a cyber incident” – National Cyber Security Centre
In Glasgow and Edinburgh Haymarket, the turmoil went further with temporary store closures and routing challenges. A store at Edinburgh Haymarket appeared to close early, while some customers received emails from M&S stating that staff were unable to retrieve items until they received their “Ready To Collect” email.
“store staff said they are unable to retrieve the item” – Haley0826371095
Following the cyber incident, M&S have responded by taking some systems offline. This strategy is a frequent tactic in ransomware attacks. They acknowledged the impact of the situation on customer service but assured patrons that they were taking necessary actions to protect their network.
“We are taking actions to further protect our network and ensure we can continue to maintain customer service” – M&S
The National Crime Agency confirmed its involvement in the situation, collaborating with the National Cyber Security Centre to support M&S in understanding the incident and managing its repercussions.
Marks and Spencer did not comment with specifics about what kind of cyber attack was deployed. Their commitment to addressing the problems was evident throughout this very bad episode. Retaining personal and high-touch customer service as they scaled their store outs.