Do Son 
The British retailer Marks & Spencer has temporarily suspended the processing of online orders via its website and mobile application amid an ongoing cyber incident. Earlier this week, the company had already halted contactless payments and temporarily disabled the Click & Collect ordering option. Until today, M&S had maintained that its website and app continued to operate normally.
In an official statement, the company noted that the suspension of online sales was a measure taken as part of “proactive situation management.” Nevertheless, the entire product range remains available for browsing online, and physical stores continue to welcome customers. M&S representatives emphasized that customers had previously been advised that no action was required on their part, and this guidance remains unchanged. The company pledged to promptly inform customers should the situation evolve. The statement also noted that a dedicated team, supported by leading cybersecurity experts, is working to restore online services, and expressed gratitude to customers, employees, and partners for their understanding and support.
The troubles began on Saturday, when disruptions affected product returns and order placements via Click & Collect. The company formally disclosed the cyber incident to the London Stock Exchange on Tuesday. M&S also notified the Information Commissioner’s Office and the National Cyber Security Centre, but declined further comment, referring instead to previously issued statements.
Among the current challenges facing customers are the inability to use gift cards, missing receipts in loyalty program accounts, and the unavailability of automated terminals for returns.
Experts advise M&S customers to remain vigilant. Despite the company’s assurances, users are urged to monitor their online accounts and banking statements closely and to beware of potential phishing attempts. Even if no customer data has been compromised, cybercriminals may exploit the situation by sending fraudulent messages aimed at stealing personal or financial information. In such circumstances, it is crucial to treat all incoming communications with heightened caution.
