Marks & Spencer Cyberattack Exposes Customer Data Amidst Heightened Retail Threats

Wed Oct 22 2025 22:18:54 GMT+0300 (Eastern European Summer Time)

The iconic British retailer confirms a cyber breach compromising personal data while raising alarms about increasing cybersecurity risks in the retail sector.

Marks & Spencer has disclosed that customer data was compromised in a recent cyberattack, leading to the suspension of online orders. Although sensitive payment details were not affected, the incident underscores growing cybersecurity vulnerabilities in the retail industry.

Marks & Spencer, a prominent British retail chain, announced on Tuesday that a cyberattack last month had resulted in the theft of certain customer data. This breach has severely impacted the company’s ability to process online orders, which were halted for several weeks as a precautionary measure.

In an email communication to its customers, M&S indicated that while the attack may have exposed some personal information, including contact details and dates of birth, there is currently no evidence suggesting that this information has been disseminated. Importantly, the company confirmed that neither payment information nor passwords were compromised during the incident.

The British retailer, which reported over 13 billion British pounds (approximately $17.2 billion) in revenue for the fiscal year ending March 2024, promptly reported the breach to both government and law enforcement agencies. This incident follows a wave of cybersecurity threats targeting various retailers in the U.K., including a recent attack on Harrods that led to temporary disruptions in online services.

Ransomware attacks, designed not only to steal data but also to disrupt operations, have dramatically escalated in frequency and intensity. Recently, several hospitals in the U.K. fell victim to similar incidents, causing significant operational delays. More than 800 scheduled procedures were canceled, and numerous patients had their appointments rescheduled following a severe cyber breach last year.

The perpetrators behind the recent attacks remain unidentified, and whether these incidents are interconnected is still under investigation. The National Cyber Security Center (NCSC) of the U.K. has emphasized the need for companies to take urgent action to bolster their cybersecurity measures to prevent future breaches. Richard Horne, the NCSC's chief executive, highlighted the necessity for organizations to treat these episodes as critical warnings and to implement robust defenses.

As the industry grapples with these increasing threats, M&S's experience serves as a reminder of the vital importance of safeguarding consumer information and maintaining operational integrity in the face of cyber threats. Jenny Gross, a reporter for The Times, continues to provide coverage of emerging cybersecurity concerns affecting businesses across the nation.