M&S Revives Click & Collect After Cyber Attack, Some Services Still Down
In a world where convenience often dictates shopping choices, the sudden interruption of a familiar service can feel unsettling. For many, Click & Collect represents the best of both worlds: the ease of online browsing combined with the immediacy of in-store pickup. When a recent cyber attack disrupted parts of Marks & Spencer’s digital operations, it severed that bridge for thousands of customers and raised urgent questions about how quickly and securely the retailer could restore trust and functionality. Now, with Click & Collect reinstated, shoppers have reason to breathe easier — but the recovery is incomplete and important work remains.
What happened and what’s back online
The specifics of the cyber attack on M&S have not been fully disclosed, but it clearly affected multiple customer-facing systems. Click & Collect — the service that lets shoppers reserve items online and collect them in store — was among the affected features. Restoring this service is a significant milestone: it reunites many customers with a routine shopping behavior and signals that core operational systems are being brought back under control.
Yet restoration is partial. Customers continue to report problems with home delivery bookings and other online functions. For people who combine grocery orders, clothing reservations and home deliveries, the interruption feels far from over. “It’s great that Click & Collect is back, but other services I depend on are still down,” one shopper said. “It’s a relief — and a reminder of how reliant we are on interconnected systems.”
Why Click & Collect matters beyond convenience
Click & Collect is more than a time-saver; it’s a touchpoint for customer experience and trust. When a retailer’s digital services fail, the damage isn’t only logistical — it’s reputational. Consumers expect clarity about whether their personal or payment data was exposed and want evidence that the company is taking robust steps to prevent recurrence. Cybersecurity experts warn that mismanaged responses can have lasting consequences on brand loyalty and sales.
Dr. Emma Lewis, a cybersecurity researcher, notes that “these attacks can not only disrupt services but also compromise customer trust.” Customers want transparent communication: what happened, what data (if any) was affected, and what measures are in place to stop future incidents. For a visible service like Click & Collect, the stakes are high because recovery must balance speed with thorough security checks.
Policy and industry reaction
The incident has prompted calls for stronger regulatory standards and clearer mandatory reporting after breaches. Policymakers and consumer advocates argue that timely, accurate information is essential for public trust. Senator Martin Griffith emphasized the need for businesses to prioritize cybersecurity, warning that the consumer economy cannot be left vulnerable to malicious actors.
Retailers face pressure from inside their organizations, too. Protecting a complex web of services — inventory management, customer accounts, payment gateways and delivery scheduling — requires integrated security strategies. Experts recommend a mix of measures: stronger encryption, routine third-party security audits, employee training on phishing and social engineering, and redundancy in critical systems to ensure continuity even under attack.
Balancing quick fixes with long-term resilience
Reactivating Click & Collect quickly was the right move from a customer-relations standpoint: it restores a predictable element of the shopping experience and reduces immediate friction. But reopening services without full forensic investigation risks reopening vulnerabilities. IT strategist Mark Johnson warns that businesses face a difficult trade-off: “Companies must fix what’s broken fast, but also upgrade their defenses to prevent a repeat.”
For M&S, the next steps should include clear communication about whether customer data was compromised, a timeline for bringing remaining services back online, and a public outline of the enhanced security measures being implemented. Demonstrating accountability — not just technical recovery — will be key to rebuilding consumer confidence.
Practical lessons for retailers and consumers
This episode is a strong reminder that cybersecurity is a strategic issue, not just a technical one. Retailers should elevate cybersecurity to a board-level priority, integrate it into operational planning and treat incident response as part of customer service. That means regular penetration testing, incident playbooks, transparent communication protocols and investments in resilient architecture.
Consumers, meanwhile, can take sensible precautions: monitor account activity and bank statements, update passwords, enable two-factor authentication where available, and follow official communications from retailers about recommended actions. Being vigilant reduces personal risk and helps manage uncertainty after disruptions.
Conclusion: Click & Collect returns, but security remains the priority
The reinstatement of Click & Collect at M&S is a welcome sign that recovery is underway and that customers can once again rely on a familiar convenience. Still, the partial nature of the recovery highlights a broader reality: restoring functionality is only one piece of the response — protecting customer data and preventing future attacks is the enduring challenge. As M&S and other retailers rebuild and harden their systems, transparency, sustained investment in cybersecurity and clear communication will determine whether shoppers regain full confidence in the services they depend on. Click & Collect’s comeback is encouraging, but lasting reassurance will come from demonstrated security and accountability.




