M&S scrambles to repair trust after cyber attack disrupts online sales at critical summer time.

Marks & Spencer has suffered a painful setback after a cyber attack forced it to suspend online orders, dealing a blow to its trusted reputation and threatening to dent vital summer sales.

Since Friday, M&S has paused orders across its websites and apps in the UK, Ireland and internationally as it battles to recover operations. Analysts warn that unless normal service resumes quickly, the retailer risks losing customers to rivals during the all-important summer shopping season.

Kate Hardcastle, a consumer specialist at Insight with Passion, described the situation as “a bruise to M&S’s trusted brand image,” warning that incidents like this can shake customer confidence.

“Customers expect a retailer like M&S to keep their data safe and services running, so an incident like this can shake confidence,” she said. However, she noted that M&S’s swift and transparent response could limit long-term damage. “It’s a setback, but with the right actions it can be just a bruise rather than a lasting scar.”

The retailer’s dependence on its online business heightens the stakes. About a third of its clothing and homeware sales in the UK are made online, generating nearly £1.3 billion in revenue last year from a total £3.9 billion in that division.

Retail analyst Natalie Berg from NBK Retail said the disruption “erodes consumer trust in the brand” and emphasised the need for a rapid resolution. “I think shoppers are generally forgiving when these incidents occur, but they expect it to be resolved quickly,” she said.

The first signs of trouble emerged last weekend, as customers reported problems with contactless payments, click & collect services, and gift cards. On Tuesday, M&S confirmed it was dealing with a “cyber incident,” and by Friday, it had halted online orders entirely. The company apologised for the inconvenience and pledged to refund any purchases made on Friday.

Some services, such as contactless payments and gift card usage, have since been restored. Online grocery orders through Ocado, which sells M&S food but operates on a separate system, remain unaffected.

With temperatures set to rise this week, analysts say the timing of the disruption could not be worse. “The turn in weather means shoppers will be thinking about refreshing their wardrobes and homes,” said Berg. “It’s certainly not an ideal time to suspend online orders.”

Catherine Shuttleworth, from Savvy Marketing, warned that rival retailers were likely to pounce. “Given the ‘buy it now’ culture, other retailers will benefit from this opportunity,” she said, highlighting how quickly online shoppers will seek alternatives.

M&S had made expanding its online presence a “critical objective,” announcing ambitious plans last September to drive a greater share of sales through digital channels. The cyber attack therefore threatens more than just short-term sales — it challenges the company’s long-term strategy.

Berg branded the incident an “operational catastrophe,” warning that despite strong trading momentum, M&S could face a significant hit if the issue drags on.

Meanwhile, the Information Commissioner’s Office confirmed it was assessing information provided by M&S regarding the breach. The retailer also reported the incident to the National Cyber Security Centre, with the National Crime Agency offering support.

M&S is the latest in a growing list of major brands hit by cyber issues. Supermarket chain Morrisons grappled with Christmas chaos last year, while banking giants Barclays and Lloyds suffered high-profile outages earlier this year.

For now, M&S is working at pace to restore trust — but every passing hour risks shoppers clicking away to the competition.