Marks & Spencer (M&S) has confirmed that customer data was stolen during a major cyber attack that began last month, affecting services and disrupting operations across the UK.
The retailer issued a formal statement today revealing that some personal customer information was accessed by cyber criminals, although payment details and passwords remain secure.
What Data Was Stolen?
In a statement shared on Instagram, M&S said:
“Unfortunately, some personal customer information has been taken. Importantly, there is no evidence that the information has been shared and it does not include usable card or payment details, or account passwords.”
As a precaution, all customers will be prompted to reset their passwords upon their next login, and M&S has shared tips on staying safe online.
Impact on M&S Services
The cyber attack, first reported on Saturday, April 19, has led to:
- Major disruptions to click-and-collect services
- Problems with contactless payments
- Suspension of online and app orders for food and clothing
- Empty shelves in some stores due to supply chain delays
- Temporary suspension of meal deals in travel hub branches
On Friday, April 25, M&S took the drastic step of suspending all online orders, leading to a 5% drop in share price.
Who Is Behind the Attack?
Cybersecurity experts believe the culprits are Scattered Spider, a notorious ransomware gang. The group is known for its social engineering tactics and for high-profile attacks on MGM Resorts and Caesars Entertainment in 2023.
Jamie Akhtar, CEO of CyberSmart, said:
“Scattered Spider is one of the most active and disruptive threat actors in the last 18 months… known for manipulating access through impersonation and bypassing multi-factor authentication.”
Response and Investigation
M&S has:
- Notified the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO)
- Engaged external cybersecurity consultants
- Continued to operate stores across the UK
- Promised transparency and further updates as they restore services
Despite these efforts, shoppers continue to report shortages of popular items such as bananas, fish, and Colin the Caterpillar cakes.
Timeline of the Attack
- Apr 19: Reports of disruptions at stores and online
- Apr 21: M&S confirms cyber incident; engages NCSC & ICO
- Apr 25: All online/app orders suspended
- Apr 28: Distribution centre delays; agency staff sent home
- May 13: Customer data breach confirmed
What Is a Cyber Attack?
A cyber attack is a deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems. Common types include:
- Ransomware
- Phishing
- Malware
- Denial-of-service (DoS)
- Social engineering
What Should Customers Do?
✅ Reset your password when prompted
✅ Stay vigilant for phishing emails or suspicious activity
✅ Monitor your accounts and report fraud to your bank
✅ Visit the M&S Online Safety Guide for updates
Related Incidents
- Co-op and Harrods have also reported recent cyber intrusions
- Co-op confirmed that 6.2 million customer records were compromised
- Harrods responded by limiting internet access to prevent further breaches