Marks and Spencer’s (M&S) share price has plummeted more than three percent in early trading on April 28, 2025, as the fallout from a significant cyber attack continues to impact the retailer. Since the announcement of the attack on April 22, M&S has seen its stock decline nearly nine percent, reflecting growing investor concerns about the company’s operational stability.
The FTSE 100 retailer has suspended all online orders, leaving many customers unable to use contactless payments for parts of last week. This disruption has raised alarms, especially since online shopping accounts for approximately one-third of M&S’s sales—a figure that has steadily increased over the past decade.
According to Sky News reporter Mark Kleinman, M&S has instructed hundreds of agency workers at its Castle Donington distribution center in the East Midlands to stay home on April 28. Meanwhile, employees working from home have been locked out of the company’s IT systems as M&S strives to contain the damage from the cyber breach.
Experts in cybersecurity have weighed in on the incident. Julius Cerniauskas, CEO of web intelligence firm Oxylabs, explained that “ransomware gangs aim for maximum disruption to force a quick payout.” He added that by freezing critical systems, these criminals create chaos for both customers and the business, ultimately increasing the pressure on the company to pay the ransom. “While it appears M&S has regained some control, preventing the situation from escalating further will depend on thorough system cleansing, patching vulnerabilities, and ensuring no backdoors have been left behind by the attackers,” Cerniauskas noted.
In light of the attack, Dennis Martin, a crisis management and business resilience specialist at Axians, emphasized that incidents like these serve as a reminder that “cybersecurity is no longer just an IT concern, but a core operational risk.” He stressed the importance of learning from such attacks and ensuring that systems and operational processes are resilient, communications are clear, and contingency plans are regularly tested.
M&S has confirmed that it launched an investigation into the cyber incident after customers reported difficulties with contactless payment methods during the bank holiday weekend. Following this, on April 25, the retailer announced the suspension of online orders through its websites and apps as part of a proactive strategy to manage the breach. The company stated, “Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping. We are incredibly grateful to our customers, colleagues, and partners for their understanding and support.”
Despite the challenges facing its online services, M&S has maintained that physical stores remain operational. However, customers have faced significant disruptions, including delays in fulfilling click-and-collect orders and the inability to use gift cards, e-gift cards, and credit receipts for payments both in-store and online.
The retailer’s stock has already experienced a notable decline, dropping five percent following the cyber attack announcement, as analysts warn that M&S could suffer long-term damage to its brand reputation if the situation is not resolved swiftly. Kate Hardcastle, a consumer specialist at Insight with Passion, described the incident as “a bruise to M&S’s trusted brand image.”
As M&S continues to navigate the aftermath of the cyber attack, the company has been actively responding to customer inquiries on social media. One customer was informed that items confirmed for collection via email could still be picked up in-store, and M&S assured customers that parcels would be held in-store until further notice to avoid any risk of being returned.
In summary, the cyber attack on M&S has highlighted vulnerabilities in the company’s IT infrastructure and raised questions about its cybersecurity measures. As the retailer works to restore normal operations, the broader implications for its reputation and customer trust remain at the forefront of discussions among analysts and industry experts.
