H&M hit by payment system failures as retail cyber risks mount
H&M experienced major disruptions across its UK store network yesterday, with a failure in its payment systems that left customers unable to complete their purchases for several hours. The issue, which appears to have affected in-store transactions nationwide, marks the latest tech challenge to hit a high-profile retailer amid rising concerns over cyber threats.
While the cause of the outage is still under investigation, the disruption follows a string of recent cyber incidents at major retailers, raising questions about the resilience of retail infrastructure in the face of increasingly sophisticated digital threats
An H&M Spokesperson told TheIndustry.fashion: "We can confirm this was a technical issue that has now been resolved in most of our stores, we ask for our customers patience and understanding while we work to ensure all stores are back to normal as soon as possible."
Although it's not clear if the incident affected online purchases, in at least one London store, staff reported being unable to process payments for two hours.
The H&M incident comes on the heels of serious cybersecurity breaches at M&S, Co-op, Cartier, and The North Face.
Earlier this week, The North Face and Cartier reported having customer data stolen in cyber attacks. Both The North Face and Cartier said financial information was not compromised, despite customers’ names and email addresses being taken.
Last week, Adidas joined the list of brands being hit by a cyber attack in which customers' personal information has been stolen, though again it stressed that passwords and credit card and other payment data were not compromised.
Additionally, last Thursday, lingerie brand Victoria's Secret took down its US website and halted some in-store services following what it described as a "security incident".
The news also comes following a recent spate of cyber attacks on retailers including M&S, Co-op and Harrods. Shoppers reported being unable to use contact payments or click and collect services at M&S over the Easter weekend. Then, on 13 May, the retailer confirmed that personal customer data had been stolen as part of the cyber attack.
However, M&S stressed that the data did not include payment or card details, or account passwords, and was not believed to have been shared online.
M&S has said that the knock-on effect of the attack means its services will continue to be disrupted until July, estimating it will reduce its profits for the current year by as much as £300 million.
In the wake of all the attacks, new data from global research and insights agency, Opinium, last week revealed that 66% of UK consumers now intend to change their online shopping habits and rethink how and where they shop online.
Of 2,000 UK adults surveyed, almost a quarter of consumers (23%) now intend to only shop online with brands they completely trust, while 22% will only shop with brands they feel have strong security.
Even more damning, nearly three-quarters (73%) now see cyber attacks as one of the biggest risks facing UK consumers, with 82% saying companies must do more to protect their data.
On 7 May, the government revealed plans to increase cybersecurity. Chancellor of the Duchy of Lancaster, Pat McFadden, told tech experts and business chiefs that cyber security is "not a luxury but an absolute necessity", as he announced a £16 million package to boost defence at home and abroad.
