M&S confirms customer data breach in cyber attack. No payment info leaked, but personal details compromised. Online orders still suspended.


Marks & Spencer (M&S) has officially confirmed that personal data belonging to some customers was stolen during a recent cyber attack. The breach has affected sensitive customer information but not financial data, the company says.

🧾 What Data Was Stolen?

According to M&S, the compromised information may include:

  • Full name

  • Date of birth

  • Email address

  • Home address

  • Phone number

  • Household information

  • Online order history

💡 Note: No usable card payment details or account passwords were taken.

🛍️ Impact on M&S Services

The cyber incident, which took place over the Easter weekend, has disrupted various services:

  • Online orders through the M&S website and app have been suspended since April 25.

  • In-store services, including Click & Collect and contactless payments, were affected but are now largely restored.

  • No official timeline has been given for when online services will be back to normal.

🧑‍💼 What M&S Is Saying

Stuart Machin, CEO of M&S, stated the company is informing customers about the breach:

“Unfortunately, some personal customer information has been taken. Importantly, there is no evidence that the information has been shared.”

Jayne Wall, M&S’s operations director, also urged customers to stay cautious:

“You don’t need to take any action, but be careful of emails, texts, or calls claiming to be from M&S. We’ll never ask for your password or personal account details.”

Customers will soon be prompted to reset their passwords “for extra peace of mind.”

🧠 Who’s Behind the Cyber Attack?

Cybersecurity sources suggest the breach was carried out by a criminal group using the DragonForce cybercrime service. This group is also believed to be responsible for attacks on other major UK retailers, including Harrods and Co-op.

The group reportedly uses a double extortion technique:

  • They steal and encrypt company data

  • Then demand a ransom to both decrypt it and delete the stolen copy

🛡️ What Customers Should Do

🔍 Stay alert for suspicious messages claiming to be from M&S
🔑 Do not share passwords or personal details with anyone
📬 Watch your inbox for M&S communication regarding password resets

Retail analyst Catherine Shuttleworth noted:

“This is a further blow for M&S. Customers have been supportive so far, but they’ll need strong reassurance moving forward.”

❗ Final Thoughts

As one of the UK’s most trusted retail brands, M&S now faces the challenge of restoring both its systems and customer confidence. With hackers becoming more sophisticated, customer awareness and prompt communication are more important than ever.

FAQ

The stolen data may include names, dates of birth, email and home addresses, phone numbers, household details, and online order history.

No. M&S confirmed that no usable card or payment information was stolen, as the company doesn’t store full card details.

No, online ordering remains suspended as of now. The company hasn’t confirmed when it will resume.

The attack was linked to the DragonForce cybercrime group, known for targeting large companies using a double extortion method.

Yes. M&S is advising customers to reset their passwords as a precaution, even though account passwords weren’t stolen.
