Following a cyber security incident at Marks and Spencer (M&S), contactless payments and click-and-collect services remain unavailable even 72 hours later.
Although details of the incident that began on Monday, April 21, are still scarce, M&S has brought in third-party cyber forensics and is collaborating with the National Cyber Security Centre (NCSC) to investigate further.
In an update on April 23, M&S mentioned that they had to make changes to their operations to ensure the security of their customers and business. Some processes have been moved offline as a precautionary measure.
A spokesperson stated, “Our stores are open, and customers can still shop on our website and app. However, contactless payments are not being processed, click-and-collect orders have been paused, and there might be delays in online order deliveries. We appreciate the understanding and support of our customers, colleagues, partners, and suppliers.”
M&S is working diligently to restore services and minimize disruptions, with assistance from industry experts. They will provide updates as necessary to address the issues.
Fraud may become an issue
Cyber security professionals have commended M&S for their transparent incident disclosure and customer communication.
However, the exact nature of the cyber attack remains unconfirmed, leading to speculation about ransomware. This uncertainty may raise concerns among customers about the security of their financial and personal data.
M&S advises consumers not to take any immediate action, but McAfee EMEA head Vonny Gamot suggests some precautionary steps.
She warns, “Scammers often exploit high-profile incidents like this to launch phishing attacks through emails or texts, directing individuals to fraudulent sites to steal sensitive information.”
It is crucial to remain vigilant and question any unexpected communication related to the incident. Updating passwords, monitoring bank accounts, and placing fraud alerts on credit cards are recommended steps to safeguard against potential fraud.
