Marks & Spencer (M&S) has been managing a cyber incident over several days that has disrupted key services, including its click and collect orders and contactless payment systems.
While stores, websites and apps remain open, technical issues have persisted, including problems processing gift cards and vouchers.聽
On Tuesday, M&S chief executive Stuart Machin apologised to customers impacted due to the problems faced.
鈥淭o protect you and the business, it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experience any inconvenience,鈥 the notice read.
鈥淭here is no need for you to take any action at this time and if the situation changes, we will let you know.聽
鈥淭here may be some limited delays to your click and collect order, which we are working hard to resolve.
鈥淚 know how much our customers trust M&S, and that trust is incredibly precious to us. We have been working hard with the best experts to manage this, and I want to thank them and my colleagues for their hard work.聽
鈥淐an I take this opportunity to thank you for shopping with us and for your continuous support. We really appreciate it.鈥
In an update posted to the London Stock Exchange, the company also confirmed that it has engaged external cyber security experts to assist with investigating and managing the incident.
Experts are now noting that even well-resourced organisations remain vulnerable to attacks, especially during peak shopping periods like Easter.
Executive VP EMEA at leading cybersecurity firm SonicWall, Spencer Starkey, commented: 鈥淐ybersecurity arrangements must be agile and constantly updated to keep up with the evolving threat landscape.聽
鈥淐ybercriminals are constantly developing new tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats.聽
鈥淭his requires a proactive and flexible approach to cybersecurity, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning.聽
鈥淚t also requires ongoing training and awareness programs to ensure that employees are aware of the latest threats and best practices for cybersecurity.聽
鈥淏y maintaining agile and up-to-date cybersecurity arrangements, companies can minimise their risk exposure, detect and respond to threats more effectively, and maintain the trust and confidence of their customers and stakeholders.鈥