M&S admits customers' personal data was stolen by hackers in cyber attack

13 May 2025, 08:48 | Updated: 13 May 2025, 09:21

Marks and Spencer on Oxford Street in London. Picture: Alamy

By Henry Moore

Retail giant Marks & Spencer has revealed that customer personal data has been taken by hackers after being hit by a damaging cyber attack.

Chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident” but stressed that this does not include payment or card details, or account passwords.

He has written to shoppers to alert them over the data breach, but said there is “no need for customers to take any action”.

The high street chain did not say how many customers had been affected.

Marks and Spencer. Picture: Alamy

In a social media post, Mr Machin said: “We have written to customers today to let them know that unfortunately, some personal customer information has been taken.

“Importantly, there is no evidence that the information has been shared and it does not include usable card or payment details, or account passwords, so there is no need for customers to take any action.

“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.”

The group has not been able to take any orders through its website or app since April 25 as it tries to resolve the problem.

The incident first caused problems for the retailer’s contactless payments and click and collect orders, while it has also impacted some availability in stores.

A hacking group operating under the name Scattered Spider has been linked to the attack, according to reports.

Who are hacking group Scattered Spider?

A collective of cyber attackers, Scattered Spider have gained quite a reputation in the hacking world and are linked to attacks on the systems of other huge companies, such as MGM Resorts and US casino brand Caesars, that cost those companies millions.

Scattered Spider are said to be a cybercriminal group that typically targets large companies and their IT desks.

Also known as Octo Tempest, they are thought to be unusual because they are English and American, with many groups like this typically being based in Russia.

Previous findings on Scattered Spider have said participants in the group are surprisingly young, in their mid-20s, with some as young as 16.

Why would a hacking group like Scattered Spider attack M&S?

It's believed a hacking group encrypted important Marks and Spencer systems using ransomware, a technique that locks a company out of its own systems and forces it to consider paying a ransom to unlock them again.

Tim Mitchell, a senior security researcher at Secureworks, told The Guardian: “Their motivation appears to be as much about bragging rights on those channels [where they communicate] as about money.”

