News: 1745489922

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

M&S takes systems offline as 'cyber incident' lingers

(2025/04/24)


UK high street retailer Marks & Spencer says contactless payments are still down following its "cyber incident" and order delays are likely to continue.

The clothing, homeware, and produce purveyor told customers in an update on Wednesday evening that Click & Collect orders were also suspended until further notice, and that they should expect delays to home deliveries too.

One detail the retailer added – consistent with disclosures involving ransomware – was that some of its internal processes have been moved offline.

[1]

M&S hasn't confirmed either way whether ransomware was involved, despite The Register's inquiries, but the detail aligns with the company's initial disclosure that stated it was taking actions to protect its network.

[2]

[3]

"We have made the proactive decision to move some of our processes offline to protect our colleagues, partners, suppliers, and our business," the retailer's most recent update said.

"We are incredibly grateful for the understanding and support that our customers, colleagues, partners, and suppliers have shown. We are working hard to restore our services and minimize disruption, and are being supported by industry-leading experts. We will continue to update as appropriate as we work to resolve these issues."

[4]

As for why contactless payments are down, with no mention of chip and PIN payments being affected, M&S hasn't responded to our questions.

[5]This is not just any 'cyber incident' … this is an M&S 'cyber incident'

[6]Oracle hopes talk of cloud data theft dies off. CISA just resurrected it for Easter

[7]Law firm 'didn't think' data theft was a breach, says ICO. Now it's nursing a £60K fine

[8]Toronto Zoo ransomware crooks snatch decades of visitor data

The retailer, which operates more than 1,000 stores across the UK, also confirmed via social media that all shops remain open, and orders can still be placed online and through its app – no change on that front.

Looking at the public responses, M&S customers appear pleased with the business's approach to its public comms about [9]the incident , which started at the weekend.

While [10]some organizations still haven't got the message , here in the UK, at least, victims seem to be slowly understanding that taking responsibility for cyberattacks tends to go down quite well.

Though it may not live long in the memory of the non-technical folks, the [11]British Library's response to its ransomware attack is routinely lauded by those in the security industry as an example of effective crisis communication. Since then, there has been a noticeable shift toward open, honest, and regular communications with customers following major security breaches. ®

Get our [12]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aApgMJ7sa6JUvdGChK3YTAAAAE8&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aApgMJ7sa6JUvdGChK3YTAAAAE8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aApgMJ7sa6JUvdGChK3YTAAAAE8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aApgMJ7sa6JUvdGChK3YTAAAAE8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2025/04/22/marks_spencer_cyber_incident/

[6] https://www.theregister.com/2025/04/18/oracle_cisa_advisory/

[7] https://www.theregister.com/2025/04/16/law_firm_ico_fine/

[8] https://www.theregister.com/2025/03/06/toronto_zoo_ransomware/

[9] https://www.theregister.com/2025/04/22/marks_spencer_cyber_incident/

[10] https://www.theregister.com/AMP/2025/04/02/oracle_breach_disaster_planning/

[11] https://www.theregister.com/2024/05/20/the_british_library_owes_lauded/

[12] https://whitepapers.theregister.com/


British Library - comms good, actions bad

StewartWhite

Whilst their comms were indeed a good example, the actual restoration of systems was pitifully slow. Anecdotally (although there was plenty of material online to back this up - no pun intended), months after the issue I was talking to a British Library visitor on the train and they'd been told that day that they were still unable to access a book they wanted because the relevant systems still weren't available. Maybe an extreme example of where you can communicate or you can solve the problem but unless you have sufficient resources you can't do both simultaneously?

Re: British Library - comms good, actions bad

Doctor Syntax

The main resource needed for good communication is honesty. AFAICR the BL decided to bring forward a planned rebuild to be able to start with a known clean slate and not to pay any ransom..

Re: British Library - comms good, actions bad

Decimal5446

The problem with these incidents. Let's assume its ransomeware. No company is resourced up enough to deal with it rapidly if it hits a lot of assets. It's a work rate vs people problem.

Re: British Library - comms good, actions bad

BBRush

It could also be a question of how the organisaiton is perceived in the market and whether this could affect their position within it. Commercial entities may not want competitiors, investors or shareholders getting the unfettered/honest updates, whereas a public body may have more ability to be honest over and above the required disclosures.

Sharing IOCs and post incident reports, even redacted, to allow others in a market sector to protect themselves could be seen as nearly heresy in the commercial world.

A Non e-mouse

As for why contactless payments are down, with no mention of chip and PIN payments being affected, M&S hasn't responded to our questions

As a consumer, it seems Chip & Pin, Contactless and Apple/Google Pay are all separate payment authorisation systems.

Anonymous Coward

Contactless was working ok in stores this morning, but we were advised not to use our Sparks loyalty card because it would be very slow to get a response.

Ground floor: Perfumery, Stationery and Leather Goods, Wigs and Haberdashery. Going up...

MrBanana

"The clothing, homeware, and produce purveyor..."

I think you meant knickers & bras, scented candles, and Prosecco ...

I only buy one of the above from M&S.

Why do we want intelligent terminals when there are so many stupid users?