M&S Hit by Major Cyber Attack – Customer Data Stolen!

Marks & Spencer has confirmed a serious cyber attack has compromised customer data, sparking chaos across its UK services. The hacking began last month, hitting everything from online orders to in-store payment systems.

What Exactly Was Stolen?

M&S revealed some personal customer information fell into the hands of cyber criminals. Crucially, payment details and passwords remain safe, but the breach has rattled shoppers.

“Unfortunately, some personal customer information has been taken. Importantly, there is no evidence that the information has been shared and it does not include usable card or payment details, or account passwords.”

Customers will be forced to reset passwords next time they log in. The retailer has also issued advice on how to stay safe online.

Services in Turmoil – What’s Been Affected?

  • Click-and-collect orders hit by major disruptions
  • Contactless payments down nationwide for days
  • Online and app food and clothing orders suspended
  • Empty shelves in stores due to supply chain delays
  • Meal deals paused in travel hub branches

On April 25, M&S halted all online orders, causing a sharp 5% plunge in its share price.

Who’s Behind the Hack?

Experts point fingers at the notorious ransomware gang Scattered Spider. This criminal crew is infamous for sneaky social engineering attacks, including major hits on MGM Resorts and Caesars Entertainment last year.

“Scattered Spider is one of the most active and disruptive threat actors in the last 18 months… known for manipulating access through impersonation and bypassing multi-factor authentication.” – Jamie Akhtar, CEO of CyberSmart

M&S Fightback and Ongoing Investigation

  • Notified National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO)
  • Hired top cybersecurity consultants
  • Stores remain open despite the chaos
  • Committed to full transparency and regular updates

Despite this, shoppers still report shortages of favourites like bananas, fish, and even Colin the Caterpillar cakes.

Attack Timeline at a Glance

  • Apr 19: Disruptions first reported in stores and online
  • Apr 21: M&S confirms cyber incident, alerts NCSC & ICO
  • Apr 25: Online and app orders fully suspended
  • Apr 28: Distribution delays force agency staff home
  • May 13: Customer data breach officially confirmed

What Is a Cyber Attack?

Cyber attacks are deliberate hacks aimed at damaging or stealing from computer systems. Common tactics include:

  • Ransomware
  • Phishing
  • Malware
  • Denial-of-service (DoS) attacks
  • Social engineering tricks

How Customers Can Stay Safe

  • Reset passwords when prompted
  • Be on the lookout for phishing emails or suspicious activity
  • Keep an eye on accounts and report any fraud to your bank
  • Check the M&S Online Safety Guide for updates

Recent Cyber Incidents at Other Retailers

  • Co-op and Harrods have also suffered cyber intrusions lately
  • Co-op admitted 6.2 million customer records were compromised
  • Harrods cut internet access to stop further breaches

We are your go-to destination for breaking UK news, real-life stories from communities across the country, striking images, and must-see video from the heart of the action.

Follow us on Facebook at for the latest updates and developing stories, and stay connected on X (Twitter) the for live coverage as news breaks across the UK.

SIGN UP NOW FOR YOUR FREE DAILY BREAKING NEWS AND PICTURES NEWSLETTER

Your information will be used in accordance with our Privacy Policy

YOU MIGHT LIKE