Overview
- Marks & Spencer has disclosed that hackers stole customer personal data, including names, addresses, dates of birth, and order histories, but no financial details or account passwords were compromised.
- The retailer has enforced password resets for customer accounts and shared online safety guidance to mitigate potential risks of phishing attacks.
- The cyberattack, linked to the Scattered Spider group, has disrupted M&S's online operations, halted online orders, and caused stock shortages in stores since late April.
- M&S is collaborating with cybersecurity experts, law enforcement, and government regulators as it works to restore systems, though no timeline for full recovery has been provided.
- The company's share price has fallen approximately 15% as the prolonged outage impacts sales, with analysts estimating significant financial losses for the retailer.