Tesco Website & App Outage Rekindles Debate on Retail IT Resilience

3 December, 2025 | Miscellanea

Shoppers report failures in checkout, order changes, and Clubcard access as intermittent issues ripple through the UK’s largest grocer’s digital channels.

What Happened

Tesco has issued a public apology after significant technical issues disrupted access to its website and mobile application. The problems, described by the company as “intermittent”, left customers unable to make key updates to their online baskets, complete purchases, or view loyalty information tied to the supermarket’s widely used Clubcard scheme. While the retailer said its teams were working to resolve the instability, the impact was immediately visible across social platforms and outage trackers, where reports surged as shoppers tried and failed to transact online.

The outage arrives in a period of elevated sensitivity around digital reliability in retail. In February 2025, Tesco also faced a separate technical fault that caused items to vanish from baskets or appear unavailable at checkout—an episode that drew criticism at the time and raised questions about the robustness of ecommerce back-ends under load and during change windows.

How Customers Were Affected

For many consumers, the disruption was felt at the most crucial moment: the checkout. Reports indicated three recurring pain points:

  • Order changes could not be processed: Customers attempting to modify delivery slots or substitute items encountered failures.
  • Payments stalled or failed: Attempts to complete purchases timed out or returned errors.
  • Clubcard access broke down: Users struggled to view points, redeem vouchers, or apply discounts linked to loyalty accounts.

The Clubcard dimension is particularly sensitive. With tens of millions of members, loyalty programmes have become a cornerstone of customer retention and price perception. When loyalty tools fail, shoppers not only lose savings; they also lose confidence that their digital relationship with a brand will hold up when it matters most.

Signal From the Outage Trackers

External monitoring services recorded a spike in problem reports for Tesco’s digital properties, indicating that the issue was broad rather than isolated to a specific region or device type. Although such crowdsourced platforms are imperfect proxies, they are often early indicators of systemic disruption—especially when the volume rises quickly and aligns with social chatter.

Is This a Cyberattack?

At the time of writing, there is no evidence that the outage resulted from malicious activity. The retailer’s statement framed the incident as intermittent system problems, a description more consistent with infrastructure instability, deployment complications, or dependencies failing upstream. That distinction matters: while the customer experience is the same—an inability to transact—the playbook for response and prevention differs substantially depending on whether the root cause is technical debt, change-related regression, third-party failure, or attacker-driven disruption.

Context: Other Retailers Have Struggled Too

Tesco’s outage follows a months-long pattern in which UK retailers have endured service interruptions, some explicitly linked to cyber incidents. Marks & Spencer (M&S) and the Co-op, for example, reported significant disruption to their online services in recent weeks, with customers temporarily unable to access accounts, browse products, or complete purchases. Those events underscored how increasingly professionalised criminal operations target retail platforms—and how quickly customer trust can erode when shopping journeys break at scale.

Even when outages are not security-driven, the business impact looks similar: missed sales, customer support overflow, and reputational damage that lingers beyond the recovery window. Each incident reinforces the same lesson: in digital commerce, reliability is part of the brand promise.

Banking’s Parallel: A Costly Reminder

The risks are not confined to retail. Earlier this year, Barclays agreed to pay £12.5 million in compensation following a major IT disruption that affected access to accounts and basic transactions. The settlement highlighted how regulators view operational resilience as a non-negotiable requirement—particularly in sectors deemed critical. While supermarkets do not face the same regulatory framework as banks, the direction of travel is clear: as digital channels become essential infrastructure, expectations rise accordingly.

Why Outages Keep Happening

Commerce stacks are complex, distributed, and deeply interdependent. Modern storefronts depend on a lattice of microservices, payment gateways, search and recommendation engines, loyalty databases, content delivery networks, and third-party APIs. A failure in any segment—or a poorly timed deployment—can cascade into visible downtime. Peak usage compounds the risk: flash sales, holiday demand, and promotional campaigns can expose performance bottlenecks that go unnoticed during quieter periods.

Add to this the pressure to ship features fast, integrate new fraud controls, and modernise legacy systems, and the result is a continuous balancing act between agility and stability. Organisations that succeed tend to invest early in observability, automated testing, rigorous change management, and layered redundancy—accepting that outages will happen but designing systems to degrade gracefully rather than fail hard.

What Good Incident Response Looks Like

When systems falter, time and transparency matter. Clear status updates, practical workarounds, and accurate ETAs reduce pressure on call centres and social teams while signalling respect for affected customers. Behind the scenes, success hinges on pre-planned runbooks: traffic throttling to protect core services, circuit breakers to prevent cascading failures, and isolation of problematic components via feature flags or rapid rollbacks. Post-incident, the most effective organisations publish candid root-cause analyses and—crucially—follow through on architectural remediation.
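As an added illustration (not code from Tesco, RELIANOID, or this article), the sketch below shows a circuit breaker keeping a checkout path alive while a loyalty dependency is failing. The names `CircuitBreaker`, `checkout`, and `flaky_loyalty`, and the thresholds, are hypothetical, and the failing service is a constructed stand-in.

```python
import time

class CircuitBreaker:
    """Opens after `threshold` consecutive failures; allows a trial call after `cooldown` s."""
    def __init__(self, threshold=3, cooldown=30.0, clock=time.monotonic):
        self.threshold, self.cooldown, self.clock = threshold, cooldown, clock
        self.failures = 0
        self.opened_at = None  # None means the breaker is closed

    def call(self, fn, fallback):
        if self.opened_at is not None and self.clock() - self.opened_at < self.cooldown:
            return fallback()  # open: fail fast, do not load the struggling dependency
        try:
            result = fn()      # closed, or half-open trial after the cooldown
        except Exception:
            self.failures += 1
            if self.opened_at is not None or self.failures >= self.threshold:
                self.opened_at = self.clock()  # open, or re-open after a failed trial
            return fallback()
        self.failures, self.opened_at = 0, None  # success closes the breaker
        return result

def checkout(basket_total, loyalty_lookup, breaker):
    """Payment is the core path; the loyalty discount is optional and may be deferred."""
    discount = breaker.call(loyalty_lookup, fallback=lambda: None)
    if discount is None:
        return {"charged": basket_total, "loyalty": "deferred"}
    return {"charged": round(basket_total - discount, 2), "loyalty": "applied"}

def demo():
    now = [0.0]          # constructed clock so the run is deterministic
    calls = {"n": 0}     # how many times the dependency was actually hit
    def flaky_loyalty(): # constructed stand-in: times out for the first 60 s
        calls["n"] += 1
        if now[0] < 60:
            raise TimeoutError("loyalty service timeout")
        return 2.50
    breaker = CircuitBreaker(threshold=3, cooldown=30.0, clock=lambda: now[0])
    outcomes = []
    for t in (0, 1, 2, 3, 4, 65):
        now[0] = float(t)
        outcomes.append(checkout(40.00, flaky_loyalty, breaker)["loyalty"])
    return outcomes, calls["n"]

if __name__ == "__main__":
    print(demo())
```

Every order completes; once the breaker opens, the failing service receives no further calls until the cooldown allows a single trial request.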

Prevention: How RELIANOID Helps Retailers Build Resilience

While no platform can guarantee zero downtime, retailers can materially reduce both the frequency and impact of incidents by hardening the delivery layer. RELIANOID’s application delivery and security stack is designed for this purpose: to keep customer-facing services available, performant, and protected—even when components misbehave. In practice, that means intelligent load balancing across regions and clouds; health-checks with fast failover so unresponsive nodes are removed before shoppers feel the pain; hot restarts and configuration reloads to ship changes without severing active sessions; blue-green and canary routing to test new releases with a fraction of production traffic; and layered security controls—including WAF, rate limiting, bot mitigation, mTLS, and DDoS protections—that defend the edge without adding friction at checkout. Combined with centralised observability and autoscaling hooks, these controls help retailers degrade gracefully under stress, preserve the checkout path, and protect loyalty endpoints—where a single failure can undermine months of customer-retention work.

The Trust Equation

Outages are no longer purely technical problems; they are brand events. Shoppers judge companies not just by price and assortment, but by the reliability of the digital experience that frames every step—from search to payment to loyalty redemption. When a failure interrupts that journey, the immediate cost is lost sales. The longer-term cost is a subtle shift in behaviour: customers keep a second app handy, diversify their shop, or abandon a loyalty programme that no longer feels dependable.

What Comes Next for Tesco—and Everyone Else

For Tesco, the imperative is twofold: stabilise the stack in the short term, then communicate clearly about causes and mitigations. Transparency builds credibility, but only if it is matched by architectural change. For the wider market, the message is familiar but urgent: treat ecommerce uptime as critical infrastructure. That means investing in redundancy at the edge, rigorous change control, dependency mapping for third-party services, and security measures that assume hostile traffic is a constant, not an exception.

Whether precipitated by a cyber event or a technical misstep, disruptions like this expose how fragile convenience can be. As digital channels continue to grow, resilience is not a competitive differentiator; it is the baseline expectation. Retailers that meet it will keep trust—and market share. Those that do not will find that customers, like packets, route around failure. We can help; don’t hesitate to contact us.
