April 29, 2025: Marks & Spencer is entering the third day of a sustained cyber disruption that has affected core IT systems and portions of its customer-facing digital infrastructure. Internal sources report that the retailer’s e-commerce platform, order fulfillment software, and supplier communications have been partially or fully impacted, though in-store operations remain functional.

The company has not released technical specifics but confirmed it is working with the UK’s National Cyber Security Centre (NCSC) and private cybersecurity contractors to isolate the breach and assess the scope of the compromise. Investigations are focused on possible vulnerabilities in third-party software used for digital payment and logistics integration.

Customers have reported issues accessing account services, delayed deliveries, and sporadic checkout failures on the retailer’s website and app. No confirmed data breach has been announced, though Marks & Spencer issued a statement advising customers to monitor accounts and reset passwords as a precautionary measure.

Several cybersecurity analysts suggest the pattern of disruption is consistent with a ransomware or supply chain attack, potentially involving exploiting cloud-based retail systems. If confirmed, the incident would place Marks & Spencer among a growing list of UK firms targeted by sophisticated cybercriminal groups seeking operational leverage and financial extortion.

Retail analysts warn that the timing—mid-quarter during inventory turnover and promotional scheduling—may amplify downstream effects on inventory accuracy, customer retention, and vendor coordination.

The Information Commissioner’s Office (ICO) has been notified, and regulators are monitoring for any breach of GDPR and PCI DSS compliance obligations. Competitor retailers have also initiated precautionary security audits on overlapping platforms.

Marks & Spencer’s crisis team continues to issue rolling updates through its corporate site and investor channels. Once containment is confirmed and data integrity has been revalidated, analysts expect a fuller incident report.