LOGO

Marks & Spencer Data Breach: Customer Data Stolen in Hack

May 13, 2025
Topics:cybersecuritydata breachretailSecurity
Marks & Spencer Data Breach: Customer Data Stolen in Hack

Data Breach at Marks & Spencer Confirmed

Marks & Spencer, a leading retail company in the U.K., has officially acknowledged a recent cyberattack resulted in the theft of customer personal information.

The retailer disclosed to the London stock exchange on Tuesday that a data breach occurred last month, compromising an undefined quantity of customer data.

Details of the Compromised Data

According to a letter sent to customers and reported by the BBC, the stolen information encompasses customer names, dates of birth, home addresses, email addresses, phone numbers, details about their households, and records of their online orders.

As a precautionary measure, Marks & Spencer is currently resetting the online account passwords for all of its customers.

Operational Disruptions Following the Attack

The cyberattack continues to cause disruptions and outages across Marks & Spencer stores. Some grocery shelves remain depleted as a direct consequence of the operational impact.

Currently, the company’s online ordering system is also unavailable to customers.

Extent of the Data Breach

The precise number of individuals affected by the data theft remains unclear. A spokesperson for Marks & Spencer, Alicia Sanctuary, declined to provide specific figures when contacted by TechCrunch, directing inquiries to the company’s public statement.

The most recent annual report indicates that Marks & Spencer had 9.4 million online customers as of March 30, 2024.

DragonForce Claims Responsibility

Reports suggest that a ransomware and extortion group known as DragonForce has claimed responsibility for the cyberattacks targeting multiple U.K. retail giants, including Marks & Spencer.

Other Retailers Affected

Other U.K. retailers, such as the Co-op and Harrods, were also subjected to hacking attempts around the same timeframe.

Initially, the Co-op stated there was no indication of data compromise, but later confirmed that customer data had been stolen.

The compromised data at the Co-op included customer names, dates of birth, home and email addresses, and phone numbers.

Co-op Membership Data

The BBC reported that DragonForce alleges to possess the private information of 20 million individuals registered with the Co-op’s membership program, encompassing both current and former members.

Government Response

The U.K. National Cyber Security Centre has stated it is collaborating with the affected organizations and law enforcement agencies to gain a more comprehensive understanding of the attacks.

Investigations are ongoing to determine the full scope of the breaches and mitigate further risks.

#Marks and Spencer#M&S#data breach#data hack#personal data#cybersecurity

Related Posts

NHS England Data Breach Confirmed by Tech Provider

NHS England Data Breach Confirmed by Tech Provider

Cisco Zero-Day Exploit: Chinese Hackers Targeting Customers

Cisco Zero-Day Exploit: Chinese Hackers Targeting Customers

Pornhub Hacked: User Data Extorted by Hacking Group

Pornhub Hacked: User Data Extorted by Hacking Group

Google and Apple Release Emergency Security Updates

Google and Apple Release Emergency Security Updates

700credit Data Breach: 5.6 Million Affected

700credit Data Breach: 5.6 Million Affected

Home Depot Data Breach: Internal Systems Exposed for a Year

Home Depot Data Breach: Internal Systems Exposed for a Year