A major UK retailer has confirmed that customer data was stolen during a recent cyberattack. The incident, which occurred on 22 April 2025, led to the temporary suspension of online orders while security measures were escalated.
© Endewer | Dreamstime
Marks & Spencer (M&S) has since brought in leading cybersecurity experts to manage the situation and is working closely with government authorities and law enforcement. The company has begun notifying customers about the breach.
In a public update, M&S stated that the compromised data includes personal customer information but does not involve account passwords or any usable payment or card details. 'There is no evidence that this data has been shared,' the company said.
Customers have been advised there is no action required on their part. As a precaution, M&S will prompt users to reset their account passwords the next time they log in. The company has also issued guidance on how to stay safe online.
An M&S spokesperson said: 'As part of our proactive management of the incident, we have taken steps to protect our systems and engaged leading cybersecurity experts.' The retailer added that it is "grateful for the support" shown by customers, staff, and partners.
The incident highlights the growing risk of cyber threats to national retailers and the importance of robust digital defences.
Source: www.bigfurnituregroup.com