Marks & Spencer Confirms Customer Data Was Stolen in Ransomware Attack. Here’s What You Need to Know.

Alina BÎZGĂ

May 14, 2025


Last month, retail giant Marks & Spencer (M&S) suffered a ransomware attack that disrupted operations across its 1,400 stores and forced a temporary halt to online orders. This week, the company has confirmed that customer data was stolen during the cyberattack, raising serious privacy concerns for millions of shoppers.

Since the incident occurred on April 22, 2025, M&S has conducted an internal investigation and CEO Stuart Machin has confirmed the theft of sensitive customer information.

“Some personal customer information has been taken,” Machin stated in a Facebook post. “There is no evidence that the information has been shared and it does not include usable card or payment details, or account passwords.”

Despite reassurances, customers are understandably concerned.

What Data Was Stolen?

An FAQ published by M&S lists the following exposed data types:

  • Full name
  • Email address
  • Home address
  • Phone number
  • Date of birth
  • Online order history
  • Household information
  • Sparks Pay reference numbers
  • “Masked” payment card details (in accordance with PCI-DSS standards)

Although payment card details are partially redacted and no passwords were included, this type of personal information is extremely valuable for cybercriminals, particularly for phishing and identity theft schemes.

What Should You Do If You're an M&S Customer?

Marks & Spencer states that no immediate action is required, but advises customers to watch out for suspicious emails, texts, or calls claiming to be from M&S.

That said, exposed personal information can still be used to craft convincing phishing attacks, attempt account takeovers on other platforms using reused or similar credentials, or commit identity fraud.

Take Control of Your Digital Identity Now

If your data was exposed—even partially—you don’t have to simply wait and hope for the best. With Bitdefender Digital Identity Protection (DIP), you can:

  • Instantly find out if your personal info has been leaked in this or other data breaches
  • Get real-time alerts if your data appears on the Dark Web or suspicious databases
  • See which of your passwords, emails, or account details may have been compromised
  • Receive personalized risk insights and action steps to lock down your identity

Think of DIP as a personal radar that constantly scans for threats to your identity, so you can act before cybercriminals do.

Security Tips for M&S Customers and Beyond

While M&S has taken steps to notify affected customers and implement stronger protections, here’s what you can do to reduce your risk:

1. Reset your M&S password

Even though passwords were not leaked, M&S will prompt users to reset them at the next login as a precaution. Use a unique, strong password you haven’t used elsewhere. If you use your M&S password and email address for other online accounts, reset the passwords for those accounts as well.

If you’re short of ideas for new passwords, use Bitdefender Free Password Generator to create strong and unique passwords for all of your online accounts.

2. Enable two-factor authentication (2FA)/multi-factor authentication (MFA)

If your email or other accounts use the same contact info as your M&S profile, enable 2FA/MFA wherever possible.

3. Be on the lookout for phishing attempts and scams

Be wary of any emails, messages, or calls pretending to be from M&S—especially those requesting personal information. M&S will never ask for your password.

Not sure if an email or message is a scam? Just send it to Scamio, Bitdefender’s free AI-powered scam detector, via chat on Facebook Messenger, WhatsApp, browser or Discord. Scamio analyzes messages, links, or screenshots to help you spot fraud before you fall for it.

Don’t click on attachments or links from unknown senders, even if they appear related to this incident. Worried a suspicious link might lead to malware or a fake login page? With Bitdefender Link Checker, you can paste a link and scan it for hidden dangers—without clicking it.

The best response is a proactive one: monitor your identity, stay informed, and use tools designed to alert and protect you.

Author


Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
