Nikhil Singh

Author

  • Published: May 13 2025 08:05 PM
  • Last Updated: May 23 2025 03:00 PM

M&S customer data hacked! Find out if you're affected, what was stolen & 5 urgent steps to protect yourself immediately.


Marks & Spencer, the big retail store, got hit by a serious cyber attack. Hackers got into their system and may have stolen a bunch of personal info from customers. We’re talking names, addresses, email IDs, phone numbers, some partial payment card details, and even loyalty points from their Sparks program. It’s a bit worrying because this could affect people who shop online, in-store, or use the loyalty cards.

What’s scary is the hackers might’ve had access for weeks or even months before M&S announced it. So, even if you haven’t bought anything recently, your data might still be out there somewhere. It’s the kind of thing that could lead to fraud or identity theft if you don’t act fast.

What Happened and Who’s Affected

From what M&S said, this wasn’t a simple hack. It was a “sophisticated” attack on their customer database — meaning it wasn’t just some random hacker messing around. The data stolen includes:

  • Names, emails, phone numbers, and home addresses

  • Partial payment card info (not the full card numbers, but enough to worry)

  • Sparks loyalty program details

People who shopped online, used their cards in stores, or are part of the loyalty program are all possibly affected. Honestly, this kind of breach can put a lot of people at risk because this data can be sold or misused in many ways.

What You Should Do Right Now to Protect Yourself

Don’t wait around for M&S to get back to you. Here’s what you can do today to keep yourself safe:

  1. Check if your info was leaked
    Use a free site like “Have I Been Pwned?” to see if your email or details showed up in the breach. Also, watch out for any weird login alerts or messages from M&S or other accounts you use.

  2. Freeze your credit report
    Contact the three big credit agencies – Experian, Equifax, and TransUnion – and put a freeze on your credit. This stops anyone from opening loans or credit cards in your name without your say-so.

  3. Change all your passwords
    Especially if you use the same password on M&S, your email, or your bank accounts. Make new passwords that are long and random — don’t use pet names or birthdays.

  4. Turn on two-factor authentication (2FA)
    For extra safety, enable 2FA on your important accounts, including M&S. Don’t just rely on SMS codes — use authenticator apps like Google Authenticator or Authy instead.

  5. Be alert for scams
    Watch out for fake emails or calls pretending to be from M&S. They might say you’re owed a refund or need to verify your account. Remember, M&S will never ask for your password or personal info over the phone or email.

If Your Card Details Were Saved on M&S

If you stored your payment info on the M&S website, this is important:

  • Call your bank or card provider and ask for a new card number

  • Check your bank statements closely for any small “test” charges (like £1 to £5) — that’s often hackers trying your card

  • Remove any saved cards from your M&S account settings to be safe
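
As an added example (not part of the original post), here is one way to scan an exported statement for the small "test" charges described above. The CSV layout, the merchant names and the `since` review date are constructed assumptions, and a merchant seen earlier in the statement is treated as known.

```python
import csv
import io
from datetime import date
from decimal import Decimal

# Constructed sample statement (not real data); amounts are debits in GBP.
SAMPLE_CSV = """date,merchant,amount
2025-04-02,TESCO STORES,42.10
2025-04-09,TFL TRAVEL,2.80
2025-04-15,M&S SIMPLY FOOD,18.75
2025-04-28,TFL TRAVEL,2.80
2025-05-14,QX-DIGITAL*SVC,1.00
2025-05-14,TFL TRAVEL,2.80
2025-05-15,GLOBALPAY TEST,3.49
2025-05-16,TESCO STORES,37.20
"""


def flag_test_charges(csv_text, since, low=Decimal("1.00"), high=Decimal("5.00")):
    """Return (date, merchant, amount) for debits dated on or after `since`
    that fall between `low` and `high` and come from a merchant that has not
    appeared earlier in the statement. Hits are prompts for manual review."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["date"])
    known = set()  # merchants already seen earlier in the statement
    flagged = []
    for row in rows:
        day = date.fromisoformat(row["date"])
        merchant = row["merchant"].strip().upper()
        amount = Decimal(row["amount"])  # Decimal avoids float rounding on money
        if day >= since and low <= amount <= high and merchant not in known:
            flagged.append((row["date"], merchant, amount))
        known.add(merchant)
    return flagged


if __name__ == "__main__":
    # `since` is an assumed start of the review window; pick your own.
    for day, merchant, amount in flag_test_charges(SAMPLE_CSV, date(2025, 5, 1)):
        print(f"REVIEW {day}  {merchant:<20} £{amount}")
```

The regular £2.80 travel charge is not flagged in May because that merchant already appears in April; only small charges from merchants new to the statement are listed for review.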

One tip some people use is virtual cards (like those from Revolut) when shopping online. It’s safer because it limits how much hackers can use if your info gets stolen.

What About Compensation or Help from M&S?

Right now, M&S hasn’t said anything about automatically giving money back or compensation. If you get hit by fraud because of this, you’ll have to report it yourself to your bank or card issuer to try to get your money back. Also, some law firms are starting to organize a class action lawsuit, so you can sign up if you want to join that.

If you’re angry (and honestly, who wouldn’t be?), you can complain directly to M&S and also to the ICO — that’s the Information Commissioner’s Office which handles data protection complaints.

How to Spot Fake M&S Emails or Messages

Cybercriminals love to use news like this to trick people even more. So be careful with emails or texts that say things like:

  • “Urgent account verification” with a link you’re told to click

  • Offers of £50 “goodwill gestures” or refunds — these are usually fake

  • Messages saying your order is stuck or delayed to get you to click on something dangerous

The real M&S emails won’t ask you to do anything immediately or ask for your passwords. If you get a weird message, don’t click anything — just delete it.

Bottom Line — Don’t Wait, Act Now

This breach is a big deal and could cause problems for months or years since stolen data often ends up on dark web markets. So if you haven’t done the steps yet:

  • Check your email on breach sites

  • Freeze your credit reports

  • Change passwords and remove saved payment info

And definitely share this info with family and friends, especially older people who might not be as tech-savvy but shop at M&S a lot.

Stay safe out there!

FAQ

M&S says they’ll email affected customers, but check Have I Been Pwned for leaks now.

Only if you reused passwords. Change them immediately if your M&S login matches other accounts.

Not yet – but disable saved cards and enable 2FA first. Monitor for unusual activity.

Online? Use guest checkout & virtual cards. In-store? Cash is safest short-term.

You can sue for distress/damages if financial harm occurs. Document everything.

NO! Scammers are calling pretending to be M&S. Hang up & report to Action Fraud.

At least 12 months – stolen data often resurfaces later. Set up free credit alerts.

Yes, but use the app (not email links) and check statements for point theft.
