M&S Halts Online Orders Amid Cyber Attack, Issues Refunds to Affected Customers
Cyber incident disrupts retail operations and payment systems; NYK Law Firm comments on growing threat of online fraud in retailing
Pavitra ShettyApr 29, 2025, 11:52 AMIn a major disruption to UK retailing, Marks & Spencer (M&S) has suspended all online orders across its website and mobile apps following a cyber attack that impacted various services, including food and clothing deliveries. The company is currently issuing refunds for orders placed on Friday as it works to recover from the incident.
The attack, which began affecting customers last weekend, has forced M&S to stop digital operations as a precautionary measure. The disruption extends to contactless payments, gift card usage, and Click & Collect services, raising wider concerns about the vulnerability of retail infrastructure to online frauds.
According to NYK Law Firm, a UAE-based legal advisory group specialising in cyber and data protection, “Retailers globally must adopt proactive compliance measures and cybersecurity protocols to prevent such disruptions. The financial and reputational risks are too high in today’s digital-first consumer economy. Cyber resilience is no longer optional — it’s a retail imperative.”
The firm’s retail operations remain open in-store, but consumers are voicing frustration over miscommunications and the prolonged service outage. In particular, the continued inability to use gift cards or credit receipts both online and in stores has drawn criticism.
Meanwhile, M&S has confirmed that it reported the cyber incident to both the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO). Investigations are ongoing, and the National Crime Agency (NCA) is supporting the response.
Cybersecurity analysts are warning of the cascading impact such attacks can have, particularly as digital sales make up nearly a quarter of M&S’s revenue. The situation underscores the urgent need for enhanced data protection laws, employee awareness, and technological safeguards in the retail sector.
This attack on M&S follows a series of cyber incidents affecting major UK businesses in recent months, including banking outages and retail disruptions at Morrisons and others, further highlighting the systemic risk facing the nation’s digital commerce infrastructure.
For any enquiries or information, contact info@thelawreporters.com or call us on +971 52 644 3004. Follow The Law Reporters on WhatsApp Channels