Retail giant Marks & Spencer has confirmed a cybersecurity incident, as customers report ongoing disruption and outages.
The British-headquartered retailer on Tuesday told customers in a notice, which TechCrunch has seen, that the company has been “managing a cyber incident” over the last few days. The notice, signed by chief executive Stuart Machin, said it was necessary to make operational changes “to protect [customers] and the business.”
The company said its stores remain open and its website and app are operating normally.
It is not immediately clear what the nature of the cyberattack is, or if customer data has been affected. A Marks & Spencer spokesperson did not immediately comment when reached by TechCrunch.
In a filing with the London Stock Exchange, Marks & Spencer said it had engaged external cybersecurity experts to investigate the incident, and also notified data protection authorities.
One customer told TechCrunch that in-store payment card terminals were not working. Several other customers reported on social media similar outages at various outlets and disruption to order pick-ups.
In response to one customer on X, Marks & Spencer said it was “working hard to resolve some technical issues in our stores.”
Marks & Spencer claims it serves 32 million customers every year, per its 2024 annual report.
