Retail titan Marks & Spencer brings back Click & Collect following a cyber invasion, although certain services remain unavailable.
Marks and Spencer Restores Most Services Following Cyberattack
Marks and Spencer (M&S) has announced that most of its services have been restored following a cyberattack that occurred in April 2025. The attack, which affected several British retailers, exposed customer data such as contact details, dates of birth, order histories, and some account reference numbers, but not usable payment or card details.
The National Crime Agency (NCA) arrested four individuals in connection with the attack on July 10. The suspects, aged between 17 and 20, are believed to be linked to the cybercrime gang Scattered Spider. The suspects include a Brit aged 17, a Latvian national aged 19, a 19-year-old British man from London, and a British woman aged 20 from Staffordshire.
The attack is expected to take a £300 million ($403 million) chunk out of M&S's profits for the 2025/26 financial year. M&S updated its website today, making its Click & Collect service available to customers again. However, the Scan and Shop service has a limit of £45 ($60), and international online ordering and occasion-cake ordering are still unavailable, with the latter set to return in the coming weeks.
Sparks Pay, M&S's payment system, is also unavailable. Customers can now order online for collection from any M&S store across the UK. They can also choose next day or nominated day delivery, and return their online orders to any M&S store.
The retailer's bricks and mortar stores remained open during the initial disruption caused by the cyberattack. The online stock checking functionality is still down. No authoritative sources have formally attributed the attacks on British retailers to any specific cybercrime group, but they have been widely speculated to be the work of the social engineers among the Scattered Spider gang.
M&S has advised customers to remain vigilant against phishing attempts using the compromised personal data. Other British retailers including Pandora, Adidas, and Chanel have also faced similar attacks in recent months, indicating a broader campaign targeting UK retail businesses.
The National Cyber Security Centre is actively cooperating with the affected companies to handle the incident and mitigate further risks. The NCA continues to investigate the attacks and will provide updates as more information becomes available.
Read also:
- Gadgets and Tech Essentials to Outshine Your Studies in the Upcoming Academic Term
- A separate cable linking to an RTX 50-Series GPU could potentially not be attributed to Nvidia for the issue.
- Today's top computer savings: Grab the new iPad M3 for $100 less, or snag a RTX 5080 gaming PC with a $400 discount and a complimentary gaming monitor included.
- FCC Chair Carr Criticizes Agency's Handling of Salt Typhoon Cyber Assaults - New Development
