Marks & Spencer has emailed customers in Ireland apologising for a “cyber incident” that affected some contactless payments and click-and-collect orders over the bank holiday weekend.
The email said the retailer was “working hard to resolve” the issue and stressed that neither customers nor staff need to do anything as their data had not been compromised.
However, people were warned they could face delays to their click-and-collect orders as a result of the incident.
M&S added that it had to make “minor, temporary changes” to its store operations to protect customers and the business.
Mexican beauty influencer Valeria Márquez shot dead while livestreaming on TikTok
PGA Championship Round 1 as it happened: McIlroy (74) struggles with a misfiring game on a tough day for Irish contingent
Dublin landlord hit with largest-ever RTB fine over failure to register tenancies
Look inside: Former RTÉ presenter’s Glenageary home with French countryside-style garden for €2.25m
The email came in the wake of social media reports that shoppers struggled to pay using contactless methods or collect online orders over the weekend.
“I am writing to let you know that over the last few days M&S has been managing a cyber incident,” an email from the retailer’s chief executive Stuart Machin said.
“To protect you and the business, it was necessary to temporarily make some small changes to our store operations, and I am sincerely sorry if you experienced any inconvenience.
“Importantly, our stores remain open, and our website and app are operating as normal.
“There is no need for you take any action at this time and if the situation changes, we will let you know.
“There may be some limited delays to your Click & Collect order, which we are working hard to resolve.”
M&S said it was working with cybersecurity experts to investigate and manage the incident and has reported it to Britain’s data protection supervisory authorities and the National Cyber Security Centre.
Jake Moore, global cybersecurity adviser at internet security firm Eset, said: “This highlights the significant impact cyber attacks can have in the public domain.
“Many ransomware attacks are dealt with behind the scenes which can make people think the problems are eroding but when customers are directly affected, the knock-on effects are far more widely noted.
“Luckily, it seems no customer data has been taken in the attack but this situation widens the reality that card-only payments may not yet be the answer in a time when cyber attacks are just as prevalent as they’ve ever been.” Additional reporting: PA
