Over the Easter holiday, British retail giant Marks & Spencer (M&S) faced a cybersecurity incident that disrupted parts of its store operations, even as its online services stayed up and running. As IT decision makers, this kind of real-world disruption is a sharp reminder of how even established enterprises can get caught off-guard — and how we need to constantly pressure-test our own incident response plans.

Here’s what happened, what we know so far, and why it matters:

• Incident Timing: The cyberattack hit during the Easter holiday, a critical shopping period for M&S.
• Impact on Operations:
  • Store operations experienced disruptions, including delays for customers.
  • Click-and-collect services in stores were directly impacted, and M&S advised customers not to travel unless they had received a confirmation email.
  • Gift card payments and contactless payment systems were also affected by technical difficulties.
• Company Response:
  • M&S made temporary changes to store processes to protect customers and their business.
  • They engaged cybersecurity experts and notified authorities to assist with the investigation.
  • Systems have mostly returned to normal, but some services (like click-and-collect) are still facing issues.
• Details Remain Limited:
  • M&S has not confirmed the type of cyberattack.
  • Based on the nature of the disruptions, ransomware is being speculated, but no official confirmation yet.
  • No clear information on whether customer data was compromised.