Particle.news

Download on the App Store

M&S Confirms Customer Data Breach Following Prolonged Cyberattack

Hackers accessed personal data but not financial details or passwords, as M&S continues to grapple with operational disruptions three weeks after the attack.

Image
Image
Marks and Spencer, Sheffield (Photo by Mike Egerton/PA Images via Getty Images)
Image

Overview

  • Marks & Spencer has disclosed that hackers stole customer personal data, including names, addresses, dates of birth, and order histories, but no financial details or account passwords were compromised.
  • The retailer has enforced password resets for customer accounts and shared online safety guidance to mitigate potential risks of phishing attacks.
  • The cyberattack, linked to the Scattered Spider group, has disrupted M&S's online operations, halted online orders, and caused stock shortages in stores since late April.
  • M&S is collaborating with cybersecurity experts, law enforcement, and government regulators as it works to restore systems, though no timeline for full recovery has been provided.
  • The company's share price has fallen approximately 15% as the prolonged outage impacts sales, with analysts estimating significant financial losses for the retailer.