Marks & Spencer Data Breach Impacts Customers

Marks & Spencer Confirms Customer Data Breach

U.K. retailer Marks & Spencer has confirmed a cyberattack last month resulted in the theft of customer data. The company disclosed the breach in a statement to the London Stock Exchange.

Stolen information includes customer names, dates of birth, home and email addresses, phone numbers, household details, and online order histories. Marks & Spencer is resetting customer online account passwords.

Ongoing Disruptions

The cyberattack continues to cause disruptions and outages across Marks & Spencer stores. Some grocery shelves remain empty, and the online ordering system is offline.

The company has not disclosed the number of affected individuals. Marks & Spencer had 9.4 million online customers as of March 30, 2024, according to its annual report.

Ransomware Gang Claims Responsibility

Ransomware and extortion gang DragonForce has reportedly claimed responsibility for the cyberattacks targeting several U.K. retailers, including Marks & Spencer.

Other retailers affected around the same time include Co-op and Harrods. Co-op initially reported no data compromise but later confirmed customer data theft, including names, dates of birth, addresses, and phone numbers.

DragonForce claims to have stolen the data of 20 million Co-op members, both current and former.

Official Investigation Underway

The U.K. National Cyber Security Centre is working with the affected retailers and law enforcement to investigate the attacks.