Marks & Spencer has confirmed it has fallen victim to a significant cyber attack, with customer data being accessed by hackers. The Marks & Spencer cyber attack has sparked concern among shoppers, although the company insists that no card or payment details or account passwords were compromised.
The breach, described by CEO Stuart Machin as “sophisticated,” has led to personal information being taken, though the retail giant is downplaying the immediate risk to customers.
Customers Reassured But Cautioned
In a message issued directly to customers and on social media, Mr Machin stated: “We have written to customers today to let them know that unfortunately, some personal customer information has been taken.
Importantly, there is no evidence that the information has been shared, and it does not include usable card or payment details, or account passwords, so there is no need for customers to take any action.”
To enhance security, customers will be asked to reset their passwords during their next login. M&S has also shared safety tips to help users stay protected online.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account, and we have shared information on how to stay safe online,” Machin added.
Website and App Orders Halted Since April
The Marks & Spencer cyber attack has caused prolonged disruption to its digital operations. The retailer’s website and app have been unable to process orders since 25 April, with recovery efforts still ongoing.
The initial stages of the breach also affected contactless payments, delayed click-and-collect services, and caused some availability issues in physical stores. It’s a hit to the usually smooth shopping experience M&S customers expect.
The effects of the Marks & Spencer cyber attack have rippled across the company’s operations. Not only have digital orders been suspended, but online services remain paused as the retailer works to stabilise its systems.
The disruption hasn’t just impacted shoppers—agency staff were also reportedly sent home due to the widespread nature of the IT issues, highlighting the scale of the operational challenges M&S is currently facing.
Although Marks & Spencer has not officially named the culprits, sources suggest the attack may be linked to a group known as Scattered Spider. The organisation is recognised in cybersecurity circles for targeting high-profile corporations using advanced techniques.
While the exact scale of the Marks & Spencer cyber attack has not been disclosed, the firm’s silence on the number of affected customers has only deepened public curiosity.
In response to the attack, M&S has rolled out enhanced digital safety features. These include the password reset prompt, as well as guidance on maintaining online security. Customers are being urged to remain vigilant and to follow best practices when using their accounts.
Although the breach did not involve financial information, the Marks & Spencer cyber attack highlights the ever-growing threat posed by cybercriminals. Personal data, once exposed, can be exploited in various ways.
The Marks & Spencer cyber attack is a stark reminder that even established retail giants aren’t immune to the growing threat of cybercrime. M&S has acted quickly to reassure customers, stressing that the most sensitive data remains untouched. Still, the impact on its digital operations and customer trust is undeniable.
As investigations continue and systems are restored, shoppers are encouraged to stay alert, reset their passwords when prompted, and look out for any suspicious activity. M&S, meanwhile, must now focus on fortifying its digital defences and maintaining transparency in the weeks ahead.
