A major technical glitch wreaked havoc on Morrisons just two days before Christmas, impacting thousands of customers across the UK. Retail Systems news editor Alexandra Leonards speaks to industry experts to explore where the country’s fifth-largest grocer went wrong, how it should revisit its tech strategy to rebuild customer trust in 2025, and what other major retailers should learn from the supermarket's failings.
As many of the UK’s top supermarket chains celebrate a record-breaking festive peak in January, there is one for whom the final months of 2024 were not smooth sailing.
During the most important weeks of the year for the UK retail market, including the Black Friday period and the lead up to Christmas, Morrisons experienced two significant disruptions to its systems.
At the end of November, the company’s third-party supply chain provider Blue Yonder was hit by a major ransomware attack which directly affected warehouse and logistics operations for companies including Starbucks and Sainsbury’s alongside Morrisons. The attack disrupted the business’ warehouse management system for fresh food and produce, which meant it had to revert to a back-up process.
The Termite hacker group has since claimed it was behind the attack, and that it had successfully stolen 680GB of data, including “over 200,000” documents including reports and insurance documents. For its part, Blue Yonder has attempted to assure its supermarket customers that their customer and supplier data is safe.
Fast-forward a month to two days before Christmas—the biggest shopping day of the year— Morrisons experienced a separate major systems issue that impacted discounts for its More Card loyalty scheme, home delivery, and Click & Collect.
Customers reported being unable to access More Card discounts or promotions both in-store and online, leading to angry shoppers being made to spend more than anticipated due to the glitch. Meanwhile, some faced an anxious wait to be informed when their Christmas orders would be ready to collect, while others had their home delivery slots delayed.
Losing market share
Given that the grocer is attempting to reposition itself following a decline in market share that saw the company lose its position as the fourth largest supermarket to Aldi back in 2022, these outages could not have come at a worse time for Morrisons.
“Retailers invest huge sums in building and promoting loyalty schemes because they play an important role in incentivising customers to prioritise their brand over competitors, which is vital during busy seasons like Christmas,” Ryan Boulter, enterprise business development manager at media intelligence service provider CARMA, tells Retail Systems.
According to analysis from CARMA, Morrisons saw a 4.5x increase in media coverage on 23 December compared to the daily average for the 12 weeks to 29 December, with the vast majority overwhelmingly unfavourable. The company’s data shows that over the three-month period, Morrisons had the most negative coverage compared to all other grocery providers in the UK.
The technical glitch also amplified criticism on social media, with some shoppers claiming that they were only informed at the checkout that there was an issue using their More Card.
Lisa Ventura, founder of Cyber Security Unity (formerly the UK Cyber Security Association) and member of BCS, The Chartered Institute of IT, explains that incidents such as these risk eroding trust and confidence in the ability for Morrisons to provide reliable services to customers.
“Shoppers, especially during critical periods like Christmas, expect smooth operations, and disruptions of this scale may lead to doubts about the supermarket’s dependability,” she says.
As the online grocery market becomes increasingly competitive, the delays and cancelled deliveries were particularly troublesome for the retailer, and desperate shoppers turned to competitors. Iceland, for example, claimed that the Morrisons outage led to a surge in last-minute shopping with Turkey sales increasing by 200 per cent as a direct result.
“Sales of our Christmas produce rocketed and we were more than happy to oblige and make sure Christmas wasn’t ruined for families who switched to us,” a spokesperson said at the time.
Beyond a loss of market share, Ventura says the short-term impact is likely to be significant from both an operational and financial perspective.
“The technical failures and the measures taken to address them—such as customer compensation through discounts and vouchers—would have incurred substantial costs,” she explains. “Lost sales during the peak Christmas shopping season add to the financial strain.
“Additionally, the reliance on third-party vendors highlighted by the cyber-attack suggests that Morrisons will need to invest in improved oversight and monitoring of its partners’ cybersecurity measures, further increasing operational expenses.”
The cyber-attack on the company’s third-party provider also raises concerns about data security.
“Even if no customer data was compromised, the association with a cybersecurity incident might make customers apprehensive about engaging with Morrisons’ digital platforms, such as loyalty programmes or online services,” warns Ventura.
Ultimately, she explains, in an era where consumers are increasingly aware of data breaches, any perceived weaknesses in Morrisons' systems could deter customers from trusting the company with their personal or financial information. This gives the company’s competitors an opportunity to gain an edge by emphasising their own operational stability.
“The technical failures also point to the need for a more resilient IT infrastructure, which will likely require substantial investment to prevent similar incidents in the future,” adds Ventura.
These costs, coupled with the potential loss of customers to competitors who may have handled the holiday period more smoothly, could lead to a loss of market share both in-store and online.
The response: where did Morrisons go wrong?
Morrisons did take great efforts to compensate affected customers, for example by introducing a 10 per cent discount for More Card holders. It also made the top 100 More Card prices the regular price across its stores nationwide in an attempt to stave off the negative attention.
The retailer also issued public apologies acknowledging the problem but the overall response also demonstrated a number of shortcomings.
A significant number of customers reported issues with communication, particularly regarding online order cancellations and delays.
“Many were informed at short notice, leaving them with little time to make alternative arrangements during the busy Christmas season,” says Cyber Security Unity’s Lisa Venture. “There was also confusion over how to resolve loyalty card glitches or claim compensation, which highlighted inconsistencies in the messaging.”
Morrisons also failed to provide any specific details regarding the underlying causes of the technical difficulties. Although this action may have been intended to safeguard sensitive information, aggrieved customers were left with insufficient explanation of the organisation’s strategy for addressing the issue.
“Although it was quick to make customers aware of the problems and offer an apology, it did not provide an explanation beyond tech issues, or respond quickly to the criticism it faced,” says Ryan Boulter from CARMA. “Today’s customers demand transparency and real-time analysis of the situation would have shown Morrisons that their initial media statement and social media posts did little to curb the negative sentiment and reassure customers that they would be able to access discounts or receive their orders in time for Christmas day.”
Ventura says the fact that the issue occurred during a peak shopping season raised questions about the company’s preparedness and whether sufficient stress-testing or contingency planning had been in place to handle potential system failures during such critical periods.
“Ultimately, Morrisons’ response was only partially effective,” she adds. “While it took steps to mitigate the fallout through discounts and apologies, the approach felt more reactive than proactive.”
What should the company do in future?
“Retailers are undergoing massive changes and facing increasing pressure as customers now expect immediate, personalised responses tailored to their specific needs at any given moment,” explains Jean-Christophe Pitié, chief marketing officer at Contentsquare, an AI platform that provides insight into customer behaviour.
He says that the company has observed a growing demand for equipping digital platforms to detect and address anomalies or performance bottlenecks in real time—before they escalate—to minimise the impact on shoppers, with AI providing a way to connect the dots of the customer journey and identify errors in real time.
Ventura emphasises the importance of Morrisons fortifying its cybersecurity and IT systems both internally and through enhanced scrutiny of its third-party providers. This should encompass proactive communication and improved contingency planning, which are crucial in managing customer expectations and maintaining confidence during disruptions.
“Clear and transparent communication about the steps being taken to enhance security will be necessary to reassure customers and restore confidence,” she continues.
Morrisons will likely need to re-establish customer trust through the launch of loyalty campaigns, offering incentives, and demonstrating a renewed commitment to reliability and customer satisfaction.
“Moving forward, Morrisons will certainly need to rebuild trust in the eyes of its customers,” adds Ryan Boulter from CARMA. “Notably, this goes beyond focusing solely on price as the discounters always win in this area.”
Boulter cites a 2024 YouGov study that reveals that price alone does not always influence loyalty, as nearly three in ten shoppers express a preference for continuing with their current supermarket even amidst higher costs.
In contrast, Boulter suggests that Morrisons should redirect its efforts towards effectively communicating the compelling reasons why shoppers should prioritise it as their leading grocery retailer.
“This starts with transparency and demonstrating the changes that are being made to improve reliability and convenience, particularly during peak periods,” Boulter continues.
Morrisons' challenges during the festive period of 2024 exposed critical vulnerabilities in its IT infrastructure, cybersecurity, and crisis management, all of which eroded customer trust at a crucial time. The retailer’s reliance on third-party providers, coupled with insufficient stress-testing and contingency planning, amplified the impact of disruptions.
To rebuild trust and regain its competitive edge in 2025, Morrisons must adopt a proactive, customer-first approach. This includes investing in robust IT systems to prevent future failures, implementing AI-driven solutions to detect and address issues in real-time, and conducting stringent oversight of third-party vendors to ensure stronger cybersecurity measures. Equally important is the need for transparent and timely communication during crises, which can reassure customers and mitigate negative sentiment.
Morrisons also has the opportunity to reengage customers through loyalty initiatives that go beyond discounts, emphasising reliability, convenience, and a renewed commitment to customer satisfaction. By addressing these weaknesses head-on and demonstrating a clear path forward, Morrisons can turn its setbacks into an opportunity to redefine its brand and restore consumer confidence in the competitive retail landscape.
This will not be the last outage faced by a major retailer. As technology becomes more integral to operations, incidents like cyber-attacks, system glitches, and supply chain disruptions are inevitable. Other retailers should view Morrissons’ experience as a cautionary tale, emphasising the need to invest in resilient IT infrastructure, adopt proactive cybersecurity measures, and establish robust contingency plans. Learning from such incidents can help the broader industry mitigate risks and safeguard customer trust during critical periods.
Recent Stories