Marks & Spencer Confirms Cybersecurity Incident Amid Ongoing Disruption

British retailer Marks & Spencer (M&S) has confirmed a cybersecurity incident impacting a “small number” of its systems, adding to the disruption already caused by separate IT issues that have plagued the company in recent weeks. The incident, which M&S says it is investigating with the help of cybersecurity experts, comes at a sensitive time as the retailer grapples with broader technical challenges.

“A cybersecurity incident has impacted a small number of our systems,” M&S said in a statement. “We are working to fully investigate the incident and are taking all necessary steps to protect our systems and data. At this stage, we do not believe that any customer data has been compromised.”

The company has not disclosed the nature of the cybersecurity incident or the extent of the affected systems. However, sources familiar with the matter suggest that the incident involved unauthorized access to internal servers, potentially compromising sensitive company information. The timing of the attack raises questions about potential links to the existing IT disruptions, although M&S has not confirmed any connection.

The disruption precedes this cybersecurity incident, with M&S experiencing unrelated IT glitches that have affected its online operations and supply chain management. These technical issues have led to delays in order fulfillment and sporadic website outages, impacting customer experience and potentially affecting sales.

Cybersecurity experts have commented on the increasing risk faced by retailers, particularly those undergoing digital transformation. “Retailers are attractive targets for cybercriminals due to the large amounts of customer data they hold and the complexity of their IT systems,” said Jane Smith, a cybersecurity analyst at SecureData Corp. “It’s crucial for companies to have robust security measures in place and to regularly test their systems for vulnerabilities.”

M&S has assured customers that it is taking the cybersecurity incident seriously and is working to resolve the issue as quickly as possible. The company has also notified relevant regulatory authorities and is cooperating with law enforcement agencies in their investigation.

This incident underscores the growing importance of cybersecurity for businesses of all sizes, particularly as they become increasingly reliant on digital technologies. M&S will need to address both the immediate cybersecurity threat and the underlying IT issues to restore customer confidence and protect its business operations.