Retail giant Marks & Spencer (M&S) has confirmed that a cyber attack has resulted in the theft of personal customer data, including names, addresses, telephone numbers, and dates of birth. The M&S data breach also exposed online order histories, email addresses, and household details—raising concerns over potential identity fraud.
While M&S reassured customers that no usable payment card details or account passwords were stolen, experts warn that the stolen data could still be used in phishing scams and identity theft attempts. The retailer has urged customers to reset their account passwords and stay vigilant against suspicious communications.
Online Orders Suspended as M&S Scrambles to Recover
The cyber attack, which occurred over the Easter weekend, has led to significant disruption of M&S’s digital services. Online orders via its website and app have been suspended since 25 April. The company’s CEO Stuart Machin said they are “working around the clock” to resolve the issue, though no timeline has been given for full service restoration.
Affected customers—potentially up to 9.4 million based on M&S’s last annual report—have been emailed directly. M&S has not yet disclosed how many individuals have been impacted.
What Data Was Stolen in the M&S Hack?
The stolen customer information includes:
• Full name
• Date of birth
• Telephone number
• Home address
• Email address
• Online order history
• Household information
Importantly, M&S clarified that full card details are not stored in their system, meaning no direct payment data was compromised.
Cybersecurity Experts Warn of Identity Theft and Scams
Cybersecurity professionals have voiced concern over how the stolen data might be used. Lisa Barber of Which? advised customers to change their passwords immediately and avoid reusing passwords across platforms. Matt Hull from NCC Group warned the data could be used to craft “very convincing scams.”
Customers are being reminded that M&S will never request sensitive information like passwords or usernames via email or phone.
Hackers Behind the Attack Linked to DragonForce Group
The group responsible for the M&S data breach is believed to be DragonForce—a darknet-affiliated cybercrime group known for double extortion attacks. Their methods include stealing and encrypting data, then demanding ransom payments for both the decryption and non-disclosure of stolen files.
DragonForce has previously targeted major UK brands like Harrods and Co-op. While no M&S data has appeared on the group’s darknet platform yet, experts warn that this could change if ransom demands are not met.
Retail Analyst: Brand Trust at Risk
Catherine Shuttleworth, a retail analyst at Savvy Marketing, described the breach as a “further blow” to M&S. “Customers hold M&S to the highest standard. They will need strong reassurance and transparency from the company going forward,” she said.
M&S is one of Britain’s most trusted retailers, and how it handles this crisis could have lasting effects on its brand reputation and customer loyalty.
