This is not just any 'cyber incident' … this is an M&S 'cyber incident' UK high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a "cyber incident" for "the past few days." Not included in the LSE notification were details about when the incident took place or what kind of incident it is suspected to be, but an email to customers, seen by The …
"Customer trust is incredibly important to us, and if the situation changes an update will be provided as appropriate."
Or.. we don't give a damn about you suckers (customers) and will give you, maximum, 5 years credit monitoring. And if the situation changes, we will say almost nothing, as our lawyers told us to do so.
+1 for this since yesterday, a member of staff in my local M&S was posted to advise all shoppers entering that card payments were chip and pin only.
I bought some goods instore and the chip and pin payment was very slow to authorise, and also hasn't come off my available balance yet, or posted to my account, which probably makes me think they're being posted offline and they yanked the live data connection when they knew there was an issue. Hence the need for C&P and the fact it's very slow. probably some sort of risk management kicking in before allowing an offline auth.
That’s not how card payment works in store.
You’d want it on-line for maximum fraud protection, instead of falling back to the stand-in (Controlled by the chip on your card).
Sounds like card traffic to the payment host and the HHT’s scanning the click and collect orders as customer received had a connection issue. Perhaps common routing via HO/DataCentre… or some planned maintenance fuck-up.
AC poster here from the 2058 comment.
I don't profess to have any particular expert knowledge on this, however, in my dark and distant days of working in retail, we had the old fashioned imprinters for if anything computerized/telephony went down along with boxes of carbon copy slips. There was also the option latterly, if the card supported it, to authorise a certain amount offline via C+P (card dependent obviously, some are 100% phone home/online cards so these would decline), otherwise you'd have to call the merchant acquirer.
These days everything's shifted the other way - all online auth for pretty much all transactions.
Fun fact; back in the day when contactless came out (and the limit was £10/20) the auth was mostly offline. When Apple/Google pay etc came into the view, it switched to being 100% online.
Naturally with the passing of time, the processing speeds have become better and it's pretty much instantaneous with fixed always on internet being common - e.g. 3/4/5G connection or LAN/WLAN.
However, for the smaller merchants who still used dialup at the time of this, it would always take ages with online device contactless payments
Also, for anyone keen to know if there was any delay in being charged, no, none. The transaction posted to my statement yesterday so whatever they have as a backup does work, without unduly impacting the shopper's experience. Unless, of course, you were silly to not carry a card and rely entirely on a device payment, in which case, no Colin the Caterpillars for you.
They are definitely playing this down. I was in a store on Saturday when it happened, they were unable to process contactless, only chip + pin. A staff member told me that the network was down and they can’t process offline. Either they shut it off to prevent escalation or the attack brought it down.
Yes, and they didn't have any kind of sign up at my local to warn us. So I tried my M and S card on my phone and after some wheel spinning it rejected it and told me to try again. And it got rejected again. So I tried with the physical card and it still got rejected. So then I tried with a different card on my phone, which got rejected too.
At which point I went back to old fashioned chip n pin. Luckily I could remember the pin for one of my cards quite easily, since I seldom need to use the pin with the others,and by then I was too flustered and cross to even think straight, let alone recall the other pins.
Was in M&S yesterday late afternoon - and almost no yellow-labelled reductions. Whilst often of little or no relevance, it is unusual not to see quite a number of items with yellow label reductions at that time.
I suspect that the computer systems identify which items need attention, based on stock levels and dates, then someone goes round printing the yellows, and sticking them on. But if systems not working properly, that process likely failed to work properly.
But the one contactless payment I made (debit card via Apple wallet) worked and has appeared on my account this morning.
Based on what my mum tells me with regards to yellow sticker items, it's a largely manual process. She worked at M&S for a number of years, retired some years ago now.
The staff member picks out an item they want to buy at a staff discount...like really nice joints of meat, steaks etc, they will then strategically hide it somewhere (usually in the refrigerated warehouse) until it reaches it's yellow sticker threshold (often half price)...then you yellow sticker it and buy it at that price with your staff discount on top (20%) then freeze it.
Is this the yellow sticker procedure you speak of?
I've always wondered why we ate like kings when I was a kid...seems my mum was an M&S Beef Bandit.
'twas in the Dublin, Grafton St, M&S on Monday.. went to pay by tap (via my phone), and it didn't work.. assistant popped up (much like the store keeper in Mr Benn ), saying they had had problems since 3am(!) and that it was being worked on... she suggested I paid by card and I said... er now, don't carry them these days... back went the twisty salt and vinegar crisps and discounted hot cross buns!
Think about it. If you are standing in front of the pay machine with a basket full of groceries you aren't in a position to wander off and find a cash machine- assuming there is one near by. I don't think I've seen one at my M and S store, it's certainly not near the checkout. And nowhere else in that location- a small retail park- has one.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
