Retail giant Marks & Spencer (M&S) has revealed it has been dealing with a “cyber incident” in recent days and apologized to customers amid disruption complaints.
The retailer said contactless payments and online orders have been impacted by the incident, but insisted no customer data has been compromised.
While the exact cause of the incident is yet to be determined, the company said in a statement it took immediate action to protect customers.
“Marks and Spencer Group plc (the Company, or M&S) has been managing a cyber incident over the past few days,” the statement read.
“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business and we are sorry for any inconvenience experienced.
Stores remain open and customers can still shop online, the company added.
The confirmation from M&S comes just days after the company apologized to customers over disruption to contactless payments, which is believed to have been caused by a separate IT issue.
Reports from The Guardian noted that customers had taken to social media to complain about the incident, with one user claiming they could not collect online purchases or return items due to payment systems being knocked offline.
M&S calls in NCSC
M&S said it has reported the incident to relevant data protection authorities and is coordinating with the National Cyber Security Centre (NCSC).
Organizations affected by a cybersecurity incident or data breach often work closely with the security agency, which provides guidance and assistance to support remediation in the wake of an attack.
“Customer trust is incredibly important to us, and if the situation changes an update will be provided as appropriate,” the statement added.
ITPro has approached M&S for clarification on the cause of the incident, and will update accordingly.
MORE FROM ITPRO
