Marks Spencer reveals customer data taken by hackers after cyber attack

Retail giant Marks & Spencer has revealed that customer personal data has been taken by hackers after being hit by a damaging cyber attack.

Chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident”, but stressed this does not include payment or card details, or account passwords.

He has written to shoppers to alert them over the data breach, but said there is “no need for customers to take any action”.

The high street chain did not say how many customers had been affected.

In a social media post, Mr Machin said: “We have written to customers today to let them know that unfortunately, some personal customer information has been taken.

“Importantly there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.

“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.”

The group has not been able to take any orders through its website or app since April 25 as it tries to resolve the problem.

The incident first caused problems for the retailer’s contactless payments and click and collect orders, while it has also impacted some availability in stores.

A hacking group operating under the name Scattered Spider has been linked to the attack, according to reports.

Published: 13/05/2025 by Radio NewsHubClick here to read this story in full at Radio News Hub