Marks & Spencer has issued an urgent warning to customers after a cyber attack caused significant disruption to its contactless card payment system and order fulfilment services. The attack, which began last weekend, has forced the retailer to temporarily halt contactless transactions and suspend its click-and-collect service, directly affecting thousands of shoppers across the UK.
Customers visiting M&S stores have been informed that contactless payments—including Apple Pay and Google Pay—are currently unavailable, and are being asked to use chip-and-PIN or cash instead. Additionally, those expecting to collect online orders in-store are experiencing delays or cancellations as the retailer works to contain the disruption.
A Direct Impact on Customer Experience
In a statement to International Supermarket News, a Marks & Spencer spokesperson said:
“Due to a cyber security incident affecting some of our systems, we have taken immediate precautionary steps, including suspending contactless payments and in-store click-and-collect services. Our teams are working around the clock to resolve the issue safely and restore full service. We apologise for the inconvenience this may cause and appreciate the continued support of our customers.”
While the retailer has confirmed that no customer payment data has been compromised, it continues to investigate the full scope of the cyber attack in collaboration with cybersecurity experts and relevant authorities.
The company added that online orders may also face delays, as backend systems involved in processing and dispatching items are under review to ensure they are secure before being fully reactivated.
Warnings for Shoppers
Marks & Spencer is urging customers to avoid relying on contactless payments until further notice and to check the status of online orders before travelling to collect them. Customers are also encouraged to monitor their inboxes and the M&S app for real-time updates regarding any service interruptions or delivery issues.
This guidance is especially important as over half of in-store purchases in the UK now rely on contactless payment methods, making the disruption particularly inconvenient for regular shoppers.
Industry Experts Call for Stronger Cyber Defences
The situation at M&S has put a spotlight on the growing risk of cyber threats within retail operations. As the sector becomes increasingly digitised—from front-of-house transactions to logistics and inventory management—the need for robust cyber resilience is more urgent than ever.
ISN technology analysts believe this incident could be a wake-up call for retailers relying heavily on seamless, tech-driven experiences. The absence of basic functionality such as contactless payments can rapidly erode customer trust and loyalty, particularly when disruptions are unannounced or ongoing.
Impact on Business and Market Response
Following the announcement of the incident, Marks & Spencer shares dipped modestly, reflecting investor concern about operational stability during peak trading periods. M&S had previously enjoyed renewed investor confidence thanks to improvements in its food and fashion segments, but this technical setback presents an unwelcome challenge.
However, retail observers note that the brand’s transparent communication and swift action have helped contain reputational damage so far.
The Bigger Picture
As retailers race to modernise with advanced payment technologies, mobile apps, and smart logistics, they must also stay ahead of increasingly sophisticated cyber threats. This incident illustrates the need for proactive cyber planning, alternative payment protocols, and a well-prepared crisis response team.
For now, M&S continues to reassure its customers that safety and service restoration remain top priorities. The retailer has promised further updates in the coming days as its technical teams work to restore full functionality.
International Supermarket News will monitor the situation closely and provide updates as more information becomes available.