Following a cyber-attack, M&S reported on Tuesday 22 April 2025 the company had to stop taking online orders from Friday 25 April 2025 in the UK and Ireland.

The BBC reports that prior to the incident with online orders, M&S was unable to take contactless payments, gift cards as well as experiencing issues receiving parcels via Click and Collect.

Marks and Spencer’s proactive management

Marks and Spencer’s generated a global revenue of £13 billion in the UK and internationally according to Statista.

The cyber-attack incident led to a 5% decline in Marks and Spencer’s shares, leading to an overall reduction in revenue.

Arda Büyükkaya, Senior Threat Intelligence Analyst, EclecticIQ stated: “Retailers remain attractive targets because of the pressure to maintain continuity and the rich stores of sensitive data they hold.

“The M&S incident serves as a clear warning that cybersecurity resilience must now be treated as a core operational priority, not an IT problem.”

The report sent out by M&S articulates that it is proactively managing the cyber-attack.

M&S outsources cyber experts

M&S stated on its website and on X that: “Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping.”