U.K. Retail Giant M&S Says Customer Data Was Compromised in Cyberattack
In April 2025, British retailer Marks & Spencer (M&S) experienced a significant cyber attack that disrupted its online operations and compromised some customer data. The breach led to the suspension of online orders since April 25, 2025, and raised concerns about the security of personal information. (reuters.com)
Details of the Cyber Attack
M&S confirmed that the cyber attack involved unauthorized access to its systems, resulting in the exposure of certain customer personal information. However, the company emphasized that no usable payment or card details were compromised, as it does not store such sensitive information. Additionally, account passwords were not affected. The retailer assured customers that there is no evidence the stolen data has been shared. (reuters.com)
Operational Impact
The cyber attack has had a significant impact on M&S’s operations. Online orders have been suspended since April 25, 2025, affecting the availability of clothing and home products. While the company’s 1,000 physical stores remain operational, the disruption has led to a 15% drop in share price and is expected to result in a profit loss of at least £30 million, with weekly losses around £15 million. (reuters.com)
Response and Recovery Efforts
M&S is actively working with cybersecurity experts, law enforcement, and government agencies to restore its online operations and secure its systems. The company has taken steps to protect its systems and is collaborating with relevant authorities to investigate the incident. Customers have been advised that no action is required from them at this time. (reuters.com)
Industry-Wide Concerns
The M&S cyber attack is part of a broader trend of increasing cyber threats targeting UK retailers. Other major retailers, including the Co-op and Harrods, have also experienced similar attacks, highlighting the vulnerability of the retail sector to digital threats. The UK’s National Cyber Security Centre (NCSC) has issued guidance to organizations, urging them to review their help desk processes to prevent such breaches. (ft.com)
Recommendations for Customers
While M&S has stated that no action is required from customers at this time, it is advisable for individuals to monitor their financial accounts for any unusual activity. Being vigilant about personal information and following best practices for online security can help mitigate potential risks associated with such cyber incidents.