On Wednesday, M&S also informed customers that the cyberattack disrupted some of its services, including contactless payments and Click & Collect orders in stores, and it was also causing delays in online order delivery. M&S first disclosed the cybersecurity incident in a Tuesday London Stock Exchange press release, stating that its team is working with external cybersecurity experts to manage and resolve the situation. No ransomware operations or other threat groups have claimed responsibility for the M&S attack, and an eventual data leak isn't expected soon because threat actors usually take some time to pressure victims into paying ransom demands. British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. M&S, which reported revenues of £13 billion for FY24, is listed on the London Stock Exchange (LSE) and is included in the FTSE100 Index, the UK's best-known stock market index. "All orders will be held by stores for the foreseeable due to the ongoing cyber issues regardless of when the last date for collection is," it added in a Twitter reply to a customer complaint. "As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps. However, if a ransomware gang has been behind this attack, its operators have likely stolen M&S data to be used as further extortion leverage. BleepingComputer has contacted Marks & Spencer with questions about the attack earlier this week, and we'll update the story if we receive a reply.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 25 Apr 2025 15:10:08 +0000