What: Marks & Spencer confirms customer data breach in ongoing cyber attack that has disrupted operations for three weeks and suspended online trading.

Why it is important: As part of a broader pattern affecting major retailers like Harrods and Co-op, this attack is driving industry-wide changes in cyber security measures and insurance costs.

Marks & Spencer has disclosed a sophisticated cyber attack that has compromised customer personal data and severely disrupted its operations for nearly three weeks. While the retailer confirms that no useable payment details or account passwords were accessed, the incident has forced the suspension of online trading, which typically generates £4 million daily in clothing and home sales. The attack has significantly impacted various services, including contactless payments and click-and-collect operations. This breach follows similar incidents at other major retailers, including Harrods and the Co-op, indicating an escalating pattern of cyber threats in the retail sector. The incident has prompted M&S to implement additional security measures, including mandatory password resets for customer accounts. The company maintains transparent communication with affected customers, emphasising that while data has been accessed, there is no evidence of it being shared externally.

IADS Notes: Recent data from April 2025 reveals that ransomware accounts for 30% of retail security incidents, with average losses reaching £1.4 million per attack. The M&S breach, executed by the Scattered Spider hacking group, has wiped £700 million off the retailer's market value and disrupted £3.5 million in daily digital sales. This incident, followed by attacks on Harrods and Co-op in May 2025, has contributed to a 10% increase in cyber insurance premiums across the UK retail sector, marking a significant shift from the previous trend of declining rates.

Marks & Spencer customer data stolen during cyber attack