Marks & Spencer (M&S) has been managing a cyber incident over several days that has disrupted key services, including its click and collect orders and contactless payment systems.
While stores, websites and apps remain open, technical issues have persisted, including problems processing gift cards and vouchers.
On Tuesday, M&S chief executive Stuart Machin apologised to customers impacted due to the problems faced.
“To protect you and the business, it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experience any inconvenience,” the notice read.
“There is no need for you to take any action at this time and if the situation changes, we will let you know.
“There may be some limited delays to your click and collect order, which we are working hard to resolve.
“I know how much our customers trust M&S, and that trust is incredibly precious to us. We have been working hard with the best experts to manage this, and I want to thank them and my colleagues for their hard work.
“Can I take this opportunity to thank you for shopping with us and for your continuous support. We really appreciate it.”
In an update posted to the London Stock Exchange, the company also confirmed that it has engaged external cyber security experts to assist with investigating and managing the incident.
Experts are now noting that even well-resourced organisations remain vulnerable to attacks, especially during peak shopping periods like Easter.
Executive VP EMEA at leading cybersecurity firm SonicWall, Spencer Starkey, commented: “Cybersecurity arrangements must be agile and constantly updated to keep up with the evolving threat landscape.
“Cybercriminals are constantly developing new tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats.
“This requires a proactive and flexible approach to cybersecurity, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning.
“It also requires ongoing training and awareness programs to ensure that employees are aware of the latest threats and best practices for cybersecurity.
“By maintaining agile and up-to-date cybersecurity arrangements, companies can minimise their risk exposure, detect and respond to threats more effectively, and maintain the trust and confidence of their customers and stakeholders.”