U.K. retail giant Marks & Spencer has disclosed that customer data was compromised during a recent cyberattack. In a statement filed with the London Stock Exchange, the company confirmed an unspecified amount of personal information was stolen during a ransomware incident that began last month.
According to a letter shared online by the company, the compromised data includes customers’ names, dates of birth, home and email addresses, phone numbers, household details, and records of online orders. In response, Marks & Spencer announced that it is resetting passwords for all customer online accounts as a security precaution.
The hack has severely disrupted Marks & Spencer’s business operations. Several store locations continue to face disruptions, including shortages leaving grocery shelves empty, and the company’s online ordering system remains unavailable following the attack.
Marks & Spencer did not reveal precisely how many customers were affected by the breach. The retailer declined to provide further specifics when asked for details, referring instead to its published statement. As of the end of March 2024, Marks & Spencer reported having around 9.4 million online customers.
Responsibility for the breach has reportedly been claimed by DragonForce, a ransomware and extortion group tied to a broader series of recent cyberattacks targeting major retail brands in the United Kingdom. Around the same period as the Marks & Spencer incident, similar attacks struck popular retailers Co-op and Harrods. Although the Co-op initially indicated no data had been stolen, the company later confirmed that customer information had indeed been compromised. Media reports quote DragonForce as claiming it obtained private information on about 20 million Co-op membership sign-ups.
The U.K. National Cyber Security Centre confirmed it is actively assisting impacted businesses and collaborating with law enforcement to investigate the scope and method of these attacks.
