Some customer data stolen in cyberattack, M&S reveals

By Benjamin Chiou

Date: Tuesday 13 May 2025

(Sharecast News) - High street stalwart Marks & Spencer revealed on Tuesday that customer information was stolen in the cyberattack that hit operations three weeks ago.
The company, which still has a pause on all online orders and its click and collect service since the cyber incident was first reported on 22 April, said the "some" of customers' personal data was taken by hackers "due to the sophisticated nature of the incident".

"The personal data taken could include contact details - such as name, email address, addresses, telephone number - date of birth, online order history, household information and 'masked' payment card details used for online purchases," M&S said in an FAQ section on its website.

However, the company stressed that the stolen data does not include "useable" payment or card details, which it does not hold on our systems, or any account passwords.

There is also no evidence that this data has been shared, it said, informing customers that no action was needed.

"For extra peace of mind, they will be prompted to reset their password the next time they visit or log onto their M&S account and we have shared information on how to stay safe online," the retailer said.

Shares in the high street firm, while up 1% on Tuesday, have fallen by around 15% since the incident was first reported.

« Go back to news channel

Email this article to a friend

or share it with one of these popular networks:

• DIGG
• FACEBOOK
• STUMBLEUPON
• MIXX
• YAHOO BUZZ
• DELICIOUS
• REDDIT
• NEWSVINE