British High Street icon Marks and Spencer has been “managing a cyber incident over the past few days” it revealed this afternoon.
The “incident” has apparently hit contactless payments and online order pickup. However, with the UK having just had a long, bank holiday weekend, during which many stores would have been closed, the full extent of the incident is only just becoming apparent.
The firm issued a stock market statement this afternoon saying “As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business.”
It said “Importantly, our stores remain open and our website and app are operating as normal.”
M&S has drafted in external cyber experts and was “taking actions to protect our network” and ensure customer service.
At the same time, it has reported the incident to the relevant authorities and the National Cyber Security Centre.
It’s fair to say that Marks and Spencer is the closest thing to critical national infrastructure on the High Street.
It wrote to customers to assure them they did not need to “take any action at this time”. Beyond, perhaps, showing a little patience if their click and collect orders are delayed.
Presumably this means that customer data has not been breached, though we’re waiting to hear more detail from the retailer.
Last year, the UK Information Commissioner’s Office called on retailers, along with other organizations, to step up their cyber security and data protection. It said that retailers accounted for 18 percent of the breachers reported to it in 2023. That put the sector in second place, behind finance which accounted for 22 percent of breaches.
The link has been copied!
