British retailer M&S confirms being hit by ‘cyber incident’ amid store delays

British retailer Marks and Spencer (M&S) announced on Tuesday it “has been managing a cyber incident over the past few days” following a slew of customer complaints on social media.

The nature of the incident hasn’t been disclosed. The company, which is a constituent of the FTSE 100 Index, employs more than 70,000 people worldwide and has more than 1,000 stores in the United Kingdom.

In a statement filed to London’s stock exchange on Tuesday afternoon, the company said it made “some minor, temporary changes to our store operations” as soon as it became aware of the incident.

Customers have complained on social media that various electronic payments systems are not working, including card payments, gift cards and the retailer’s Click and Collect service.

In a statement sent to customers, the company confirmed there “may be some limited delays to your Click and Collect order, which we are working hard to resolve.”

Cheers @marksandspencer for sending me this 2 hours AFTER I drove a 26 mile round trip to collect my parcel, only to be told I couldn’t have it (even though it’s there). What a wasted journey. I now have to drive back again in the next couple of days 😩 pic.twitter.com/wUdNjCMIz5

— Katie Crombie (@KatieC_says) April 22, 2025

The company told the London stock exchange that it has brought in external cyber security experts to investigate and manage the incident, as well as reported it to the relevant regulators and the National Cyber Security Centre.

“We are taking actions to further protect our network and ensure we can continue to maintain customer service,” the company’s statement continued.

“We are sorry for any inconvenience experienced. Importantly, our stores remain open and our website and app are operating as normal.”