Marks & Spencer has paused online orders for customers via its website and app as the UK retailer continues to wrestle with an ongoing “cyber incident.”
Contactless payments were halted earlier this week and Click & Collect orders temporarily suspended, yet until today M&S insisted it was continuing to support website and app orders.
“As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps,” the company said in a statement.
“Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.
“We informed customers on Tuesday that there was no need for them to take any action. That remains the case, and if the situation changes we will let them know.
“Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping.
“We are incredibly grateful to our customers, colleagues, and partners for their understanding and support.”
Among the various issues shoppers continue to face, in addition to those already stated, are an inability to redeem gift cards, store receipts not appearing in loyalty card accounts, and self-serve return kiosks being unavailable.
M&S’s issues began on Saturday with returns and Click & Collect orders experiencing problems. The retailer disclosed the “cyber incident” to the London Stock Exchange on Tuesday.
It said it had informed the Information Commissioner’s Office and National Cyber Security Center, but has declined to answer additional questions from The Register, referring us back only to its official statements.
William Wright, CEO at Closed Door Security, said that although M&S continues to assure customers that they don’t need to take any action, they should be alert to any phishing attempts.
“M&S customers should keep an eye on their online accounts and bank statements, and also be on guard for phishing,” he said.
“We don’t know if criminals have accessed any customer data, but it’s always safer to be on guard.
“Furthermore, attackers will also use the incident to send out phishing emails, which are designed to look like genuine communications in relation to the incident but are actually aimed at tricking recipients into handing out their personal or financial information.
“It is essential that online users take note of this threat and treat all communications with caution.” ®