Marks & Spencer ‘cyber incident’ hits shops’ contactless payments and affects online orders
23 April 2025, 08:10
Marks & Spencer has apologised after its stores were impacted by a “cyber incident" which affected online orders and left customers unable to pay using contactless cards.
Listen to this article
Loading audio...
The retailer said it had to make “minor, temporary changes” to its store operations to protect customers and the business.
It comes after reports on social media that they were unable to pay using contactless methods or collect online orders over the weekend.
M&S said it is currently working with cyber security experts to investigate and manage the incident.
Customers were unable to process click-and-collect orders and had to pay with cash.
"As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced. Importantly, our stores remain open and our website and app are operating as normal,” M&S said in a statement.
Stuart Machin, M&S chief executive, said the services were taken down “to protect you and the business”, adding: “I am sincerely sorry if you experienced any inconvenience.”
Gary M, writing on X, said he was forced to abandon his shopping and said the retailer failed to inform shoppers of the issue until they reached the checkouts.
Helen Langston said customers were being held for “nearly an hour” outside one store before the manager came to explain the contactless payment problem.
Other shoppers were left unable to return items in stores and therefore missed out on refunds. Others said click-and-collect stations had been down for the last 48 hours in their stores.
M&S did not give any further details about the hack.
