Mon. Jun 9th, 2025
Marks & Spencer Confirms Customer Data Breach

Marks & Spencer (M&S) has confirmed a data breach following a recent cyberattack, revealing that some customer information was compromised. Affected data may include contact details, dates of birth, and online order histories. However, the retailer assures customers that payment card details and account passwords remain unaffected.

The attack, which occurred three weeks ago, continues to disrupt M&S services, with online ordering remaining suspended. The company is actively working to restore full functionality and has initiated password resets for added customer security.

M&S CEO Stuart Machin issued a statement, expressing regret for the incident and emphasizing that there’s no evidence the stolen data has been disseminated. While the exact number of affected customers is undisclosed, all website users have received email notifications.

M&S clarifies that compromised contact information may include names, addresses, email addresses, and phone numbers. Card details, they stress, are not at risk due to the company’s secure payment processing systems.

While no immediate customer action is required, M&S advises vigilance against suspicious emails and recommends verifying any communication directly through official channels. NCC Group’s Matt Hull warns of potential phishing scams leveraging the stolen information.

The cyber incident, initially impacting Click & Collect and in-store contactless payments, has led to the suspension of online services since April 25th. While in-store operations have resumed, the timeline for online order restoration remains unclear.

The data breach has been linked to the DragonForce cybercrime group, which is also responsible for attacks on Co-op and Harrods, and the attackers employed a double extortion tactic. This involves both stealing data and encrypting it, then demanding a ransom for recovery of the data and deletion of the stolen copy. While M&S is not yet listed on DragonForce’s darknet site, the risk of data leakage remains.

Retail analyst Catherine Shuttleworth highlights the impact on M&S’s reputation, noting the need for robust customer reassurance. She emphasizes the importance of maintaining the trust of its customer base, given M&S’s established position as a reputable brand.

The National Cyber Security Centre (NCSC) advises businesses to review IT help desk password reset protocols in light of the ongoing attacks targeting retailers.

The situation underscores the gravity of the M&S cyberattack as the company continues its efforts to restore services and address customer concerns.