.svg)
Marks & Spencer (M&S) has confirmed that hackers successfully accessed and stole customer personal data in a significant cyber attack. The retail giant's Chief Executive, Stuart Machin, addressed the breach, acknowledging the "sophisticated nature of the incident." While he assured customers that payment details, card information, and account passwords were not compromised, the admission of any data theft is likely to cause concern among M&S shoppers.
In a social media statement, Mr. Machin emphasized that there is currently "no evidence that the information has been shared." As a precautionary measure, M&S will prompt customers to reset their passwords upon their next login to their online accounts and has provided guidance on online safety. The company has not yet disclosed the number of customers affected by the breach.
The fallout from the cyber attack has already had a tangible impact on M&S operations. Their website and mobile application have been unable to process orders since April 25th as the company works to resolve the underlying issues. Initially, the incident disrupted contactless payments and click-and-collect services, and it has also led to some product availability issues in physical stores.
Retail experts anticipate that this cyber attack will result in a significant financial hit for M&S. The group's upcoming annual results, scheduled for release on May 21st, will be closely scrutinized for any indication of the financial repercussions.
Reports suggest that a hacking group known as Scattered Spider is suspected to be behind the attack. The Metropolitan Police has confirmed its involvement, with detectives from their cyber crime unit actively investigating the incident. M&S is also collaborating with specialists from the National Crime Agency and the National Cyber Security Centre, who are working to understand the full scope of the breach and provide support to the company.
The Information Commissioner's Office (ICO) confirmed on May 2nd that it is also investigating the M&S cyber attack, alongside a similar incident affecting the Co-op. The Co-op has also publicly apologized to its members after hackers gained access to and extracted personal data, including names and contact details, and has similarly experienced operational disruptions.
Adding to the concerns within the retail sector, luxury department store Harrods recently confirmed an attempted cyber attack and took the precautionary step of temporarily restricting internet access across its sites. These incidents highlight the increasing threat of cybercrime facing major retailers and the potential impact on both their operations and customer trust.
