M&S Cyber Attack 2025: What Happened, What Was Stolen, and What You Should Do

In April 2025, retail giant Marks & Spencer (M&S) fell victim to a massive ransomware attack attributed to the DragonForce group, causing widespread disruption and exposing sensitive customer data. This isn’t just another breach; it’s a wake-up call for UK retailers and millions of online shoppers.

How Big Was the M&S Data Breach?

According to reports, the attack compromised the personal data of thousands of M&S customers. While payment details and account passwords were not stolen, the attackers accessed:

  • Full names
  • Email and home addresses
  • Phone numbers
  • Dates of birth
  • Online order history
  • Household and masked card information
  • M&S credit/Sparks Pay card reference numbers (no financial data)

This is the kind of data cybercriminals use to craft targeted phishing scams and identity theft operations.

Timeline of the M&S Cyber Incident

  • April 22: M&S detects a cyber incident.
  • April 25: Online sales suspended.
  • April 29: Links to the Scattered Spider hacking group surface.
  • May 13: M&S confirms the breach and asks all users to reset passwords.

The Financial Fallout

  • £4 million per day: that’s what M&S is estimated to be losing in online sales.
  • £1.2 billion+ market value wiped out in days.
  • Contactless payments and click-and-collect services remained down for weeks.

Even more alarming, this breach comes as part of a coordinated cyber assault on UK retailers, with Co-op and Harrods also reporting simultaneous attacks.

Why This Data Breach Matters to You

While M&S says there’s “no evidence” the stolen data has been leaked, cybersecurity experts are skeptical. As Marijus Briedis of NordVPN warns:

“Even seemingly harmless data like an order history or email address can fuel highly convincing phishing attacks.”

Once in the wrong hands, this type of information can be used for social engineering, scam emails, or even impersonation.

What Should M&S Customers Do Now?

  1. Change your M&S account password — immediately.
  2. Watch for suspicious emails posing as M&S.
  3. Enable two-factor authentication wherever possible.
  4. Monitor bank statements and personal credit reports.
  5. Report phishing emails or scams to the National Cyber Security Centre (NCSC).

M&S Response: “We’re Sorry, But No Financial Data Was Stolen”

M&S CEO Stuart Machin said:

“We are truly sorry for the inconvenience. While passwords and payment info weren’t accessed, we’re asking all customers to reset their accounts for peace of mind.”

But some experts believe M&S downplayed the impact. Max Vetter, a former Scotland Yard investigator, says M&S’s “no action required” message may actually give users a false sense of security.

Final Thoughts

This incident proves that retailers must treat all customer data — not just financial info — as critical. The M&S breach isn’t just about one company. It’s a cautionary tale for every business and consumer in the digital age.

Stay safe. Stay alert. Don’t wait until it’s your data being stolen.
