Marks & Spencer Confirms What Was Stolen After Data Breach

Marks & Spencer has confirmed a ransomware attack that exposed sensitive customer data and caused disruptions to its online shopping services. The attack took place over the Easter weekend and was claimed by the ransomware group DragonForce, which also recently targeted Co-op and Harrods.

The UK retail giant reported the incident in a filing to the London Stock Exchange. It described the breach as a sophisticated cyberattack that forced the company to pause online purchases. M&S has since notified affected customers and launched an internal investigation.

According to an update on its website, the Marks & Spencer ransomware attack led to unauthorized access to personal customer information. The stolen data includes names, addresses, email addresses, phone numbers, dates of birth, order history, and household details. The hackers also accessed masked payment card data used during online checkouts.

For customers who used M&S credit cards or the Sparks Pay service, additional customer reference numbers may have been exposed. However, Marks & Spencer confirmed that it does not store full payment card numbers or account passwords. This means the risk of direct financial theft is limited.

In response to the breach, the company reset all customer account passwords. Shoppers will now need to create new passwords when signing in to their M&S accounts. The company also launched a customer support page with details of the breach and tips on how to stay safe.

Although there is no current evidence that the stolen data has been leaked online, M&S warned customers to remain cautious. The retailer urged users to be alert for phishing attempts, especially emails, calls, or text messages that pretend to be from Marks & Spencer. These fake messages might ask for personal or banking information.

Cybersecurity experts say attackers may use the stolen data to run convincing scams. Joe Jones, CEO of cybersecurity firm Pistachio, warned that these attacks often come next. “With enough personal context, cybercriminals can send messages that seem real. Fake delivery updates, password reset links, or urgent alerts might all be part of the trap,” he said. “M&S customers should treat any unexpected message with care.”

The Marks & Spencer ransomware attack shows how vulnerable major retailers can be. As digital shopping grows, so do the risks. Cybercriminals now target consumer-facing brands that manage large volumes of personal data, especially during busy periods like holidays.

Marks & Spencer is now working with cybersecurity professionals to investigate the breach and improve its systems. The company says it remains committed to protecting customer data and restoring full online services as quickly as possible.

In the meantime, M&S shoppers are advised to stay vigilant. Even without direct payment data being leaked, the stolen information could still be used in targeted scams. Customers should avoid clicking suspicious links, ignore unknown messages, and never share personal details unless they are sure the request is legitimate.
