Marks and Spencer (M&S) customers are facing ongoing disruptions as a significant cyber attack has crippled the retailer's operations for over a week. The incident, which first came to light on April 21, 2025, has led to delayed parcels, paused online orders, and suspended gift card payments, leaving many shoppers frustrated and anxious about their orders.
As of Monday, April 28, M&S has confirmed that it has stopped taking orders from its website and app for the fourth consecutive day. The cyber attack has reportedly wiped more than £700 million off the company's stock market valuation, with shares down nearly 10% since the incident began. On Monday, shares fell by 2.2%, trading at 377.3p.
Customers have expressed their discontent regarding the lack of communication from M&S about the status of their orders. Linda Sonntag from Norwich shared her disappointment after a flower delivery she arranged for a friend never arrived. "In the meantime, I've had to order flowers from somewhere else," she told the BBC. "I don't blame them; they've had a cyber attack. But I don't think their attitude towards their customers is very helpful."
Dawn Cunnington from Exeter also faced issues with her order. She had arranged flowers for her 91-year-old mother’s friend, who was celebrating a milestone birthday, but the order was not fulfilled. After contacting M&S, she received a refund and a £10 apology voucher but was still frustrated that her order was accepted despite the ongoing cyber incident.
In addition to individual customer complaints, analysts warn that the attack could significantly damage M&S's reputation. Susannah Streeter, head of money and markets at Hargreaves Lansdown, stated, "Fashion sales are likely to take a big hit particularly as the attack has come during the spell of warm weather when summer ranges would ordinarily be piling up in virtual baskets."
As M&S grapples with the fallout, the company has taken steps to manage the situation. It has hired external cybersecurity experts to help investigate the breach, which is suspected to be a ransomware attack. Although M&S has not disclosed the full details of the cyber incident, reports indicate that the company is working diligently to regain control of its systems.
In an effort to mitigate further damage, M&S has restricted access to certain IT systems, forcing hundreds of remote workers to resort to pen and paper for their tasks. On Monday, around 200 agency workers at the Castle Donington distribution center were instructed to stay home as the company continues to deal with the repercussions of the attack.
The disruption has not only affected online orders but has also impacted in-store operations. While M&S stores remain open, customers have reported difficulties with click-and-collect orders and the inability to process refunds. Some shoppers have had to leave items at the checkout due to payment issues, while others have expressed concern about the lack of communication regarding their pending orders.
"I have received several emails asking me to collect, made a special journey to my local store, only to be told I could not collect," one shopper lamented on social media. Another customer shared that they returned an online order in-store, but it was not reflected on their account.
Despite the turmoil, M&S has reassured customers that their personal data has not been compromised. The company stated that shoppers do not need to take any action regarding their accounts, suggesting that no customer data was accessed during the breach.
However, the ongoing uncertainty surrounding the cyber attack has led to a decline in M&S's customer perception. The retailer's “buzz” score, a measure of public sentiment, has dropped from 23 to 15.5 since the attack began, indicating a significant shift in customer attitudes. Dan Coatsworth, an investment analyst at AJ Bell, noted that M&S's success is built on trust, and the longer it takes to resolve the issue, the greater the risk to the brand's reputation.
As M&S navigates this crisis, it has emphasized that it is prioritizing in-store services to ensure that customers can still shop physically. While contactless payments were initially disrupted, they have since been restored in stores, allowing customers to make purchases using cards or cash.
The retailer has also confirmed that orders placed after April 23 will be refunded, and it has advised customers to wait for a notification email before attempting to pick up any online orders. M&S is expected to publish its full-year results on May 21, 2025, and the impact of this cyber attack will likely be a focal point in that report.
Ed Williams, a cybersecurity expert, stressed the need for retailers to enhance their security measures in light of such incidents. "Incidents like this reinforce the urgent need for the retail sector to elevate its security posture in line with an increasingly complex and aggressive threat landscape," he noted.
As the situation continues to unfold, M&S customers remain in limbo, hoping for timely updates and a swift resolution to the ongoing cyber attack. The retailer's ability to restore customer confidence will be critical in the coming weeks as it works to recover from this significant disruption.
