M&S issues update for customers with gift vouchers after cyber attack
MARKS and Spencer has issued an update for customers with gift vouchers after its cyber attack.
Customers have taken to social media to share their dissatisfaction with the retailer's latest update.
1
It comes as the ongoing chaos has left scores of M&S shoppers unable to use their gift vouchers.
Yet the retail giant initially told customers they won't get extensions of the expiry dates on vouchers due to expire.
One customer took to X, pleading: “My vouchers expire at the end of this month but I can't use them. Can I have them extended?”
But M&S responded: “Unfortunately we’re unable to extend vouchers.”
They later appeared to soften, agreeing to "double check" on the customers behalf.
Last month, shoppers also said they’d hit a brick wall.
One couple revealed on the MoneySavingExpert forum that they’ve been saving up vouchers from their M&S credit card for months, only to be told they’d have to use them now or lose them entirely.
The customer posted: “We contacted M&S Customer Support which bluntly said that if we didn’t use the vouchers by their expiry date then that was tough.
“The only option we have is to spend them on something we don’t really need.”
They added that M&S stores aren’t even able to place orders, meaning customers can’t just pop in and buy bigger items either.
Even staff are reportedly unable to order stock, with fears some branches could start running out of essentials altogether.
Some stores have even been stripped of staples like bananas and Colin the Caterpillar cakes, and popular meal deals were pulled in smaller branches
An MSE forum ambassador said: “Given the number of people this may affect, perhaps thousands as you suggest, I would expect M&S to extend the end date for these.”
While another shopper fumed: “The least they could do is extend the date.”
M&S credit card reward vouchers are valid for 17 months, while shoppers with gift cards have 24 months from the last transaction to spend them.
When The Sun contacted M&S, it advised affected customers to get in touch - but didn't confirm whether it would offer extensions on a case-by-case basis after all.
A M&S spokesperson said: "The majority of M&S credit card customers redeem their reward vouchers in stores, and they can continue to do so.
"If for any reason customers aren’t able to redeem in store, and their vouchers are due to expire soon, we would ask them to get in touch with us so we can support them.”
Meanwhile, the attack is still causing carnage across the business.
M&S was forced to pull online orders, birthday perks were suspended, and Sparks offers were frozen.
The store has now confirmed that some freebies, like birthday cookies, will still be honoured eventually.
But when it comes to Rewards Vouchers — a perk many customers save up to use for larger purchases — the answer so far is a hard no.
The cyber attack, which kicked off over Easter weekend, has been one of the worst to hit the high street in years.
It has forced M&S to halt online orders and triggered widespread disruption, including a £300million blow to profits.
Customer info was also nicked during the breach, with security experts now blaming “Scattered Spider”— a notorious cyber gang thought to be behind the chaos.
Online shopping is still out of action and is expected to remain patchy until at least July, with fashion, home and beauty sales taking a battering.
- Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
- Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts.
- Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management".
- Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
- Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
- Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price.
- Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
- Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
- Tuesday, May 13: M&S revealed that some customer information has been stolen.
- Wednesday, May 21: The retailer said disruption from the attack is expected to continue through to July.
Meanwhile, M&S isn't the only store facing cyber trouble.
Co-op was forced to shut down part of its IT system after facing a hacking attempt last month.
It confirmed that it had "taken proactive steps to keep our systems safe".
It was later revealed that the personal data of a "significant number" of its 6.2million customers and former members had been stolen.
The details included names, contact information, and dates of birth.
However, the retailer assured customers that passwords, credit card details, and transaction information were not compromised.
Full services resumed on May 14, following the reactivation of its online ordering system.
thesun
