
UK retailer Marks & Spencer (M&S) has confirmed that the personal details of customers were stolen during April’s suspected ransomware attack.

M&S Chief Executive, Stuart Machin, made the announcement via the firm’s Instagram account on May 13.

He wrote: “As we continue to manage the current cyber incident, we have written to customers today to let them know that unfortunately, some personal customer information has been taken.”

The statement said that there is no evidence that the information has been shared.

M&S did not disclose what information had been taken but reassured customers that the data does not include useable card or payment details or account passwords.

“There is no need for customers to take any action,” Machin’s statement said.

M&S said it will prompt customers to reset their password the next time they log on to their account as a precaution.

Machin added that the retailer has shared information with customers on how to stay safe online.

The incident has caused significant operational disruption to the retailer, with online orders remaining suspended.

The M&S app is offline at the time of writing, with users met with a message that reads: “Sorry, you can’t shop with us on our app right now, as we’re working to improve your experience. We’ll be back soon.”

In the new update, Machin provided no timeline for when services are expected to be restored.

He wrote: “Everyone at M&S is working around the clock to get things back to normal for our customers as quickly as possible, and we are very sorry for any inconvenience they have experienced. Our stores remain open as they have throughout.”

UK Retailers Under Attack

The M&S cyber incident was followed by reports of attacks on two other major UK retailers in recent weeks, the Co-op and Harrods.

The Co-op quickly revealed that the hackers were able to access a “limited amount” of customer data, including name, date of birth and contact information, although no financial data was taken.

There have been numerous reports of Co-op stores across the country running short of products as a result of the cyber-attack.

Luxury retailer Harrods confirmed on May 1 that it experienced attempts to gain unauthorized access to some of its systems, leading it to take some of its systems offline as a proactive response step.

The attacks on all three retailers are believed to have been perpetrated by the Scattered Spider gang using DragonForce ransomware.

It is currently unknown whether the attacks are linked in some way, such as the compromise of a common third-party supplier.

There has been no confirmation of demands for ransom payments being made by the attackers.

During the 2025 CYBERUK conference last week, Chancellor of the Duchy of Lancaster Pat McFadden said the trio of incidents should serve as a “wake-up call” for businesses across the country about the importance of cybersecurity.

Commenting on the latest M&S update, Matt Hull, Head of Threat Intelligence at NCC Group, said: “This incident serves as a call to action for companies to reassess their proactive cybersecurity strategies and incident response plans. Prevention is of course preferable, but should the worst happen, businesses need the ability to react quickly to contain the damage and minimize the impact on customers, no matter the type of data involved in a breach.”

Image credit: chrisdorney / Shutterstock.com
