Popular UK retail chain Marks & Spencer has confirmed that hackers stole customer data during its recent cyberattack. The company filed an update with the London Stock Exchange confirming this.
M&S’ LSE filing states that “due to the sophisticated nature of the incident, some of their personal customer data has been taken.” This data doesn’t include what details were stolen, but it does affirm that no payment data or account passwords were compromised. M&S doesn’t hold full payment details on its systems,
A customer update page on the company’s website confirmed that the stolen information includes names, birthdays, phone numbers, email addresses, home addresses, household information, and online order histories. At the time of writing, there’s no evidence of the stolen data being shared or sold online. Candid.technology did not see the data for sale on underground forums.
For now, customers don’t need to take any action, but for “extra peace of mind” M&S will force them to change their password the next time they visit or log into their M&S account. The company still hasn’t confirmed whether a ransomware attack caused the data breach, but the entire incident does bear the hallmarks of a typical ransomware attack.
Stolen data from a ransomware attack usually appears on a cybercrime forum if negotiations fail or the victim company doesn’t respond to the hackers’ demands. No major ransomware group has claimed responsibility for the attack yet.
The attack had initially forced the company to take down some of its systems and services briefly. M&S isn’t the only UK retailer facing cybersecurity issues either. Another popular retail chain, Co-op, also suffered a similar cyberattack in April 2025, forcing the company to take down parts of its IT systems as a preventive measure.
In the News: UPI outage disrupts Indian payment systems
