Marks & Spencer (M&S) has now confirmed that customer data has been compromised following a major cyberattack that forced the retailer to shut down its online ordering systems and mobile app. This latest development will be alarming to millions of UK shoppers who trust M&S to keep their personal information safe.
We now know that this was more than just an operational disruption – it’s a serious data breach. And if your personal information was exposed, you could be entitled to compensation under UK data protection law.
What has happened?
The cyberattack has been linked to a hacking group. Reports indicate that the attackers employed social engineering tactics, such as impersonating employees, to gain access to M&S’s internal systems. Once inside, they deployed ransomware, leading to significant operational disruptions – with confirmation that customer data has been accessed.
While the exact number of affected individuals hasn’t yet been confirmed, reports suggest that personal information, including names, contact details, or other sensitive data, may have been compromised in the breach.
If your data was exposed in this breach, you could now be at risk
In situations like this, cybercriminals often rely on confusion and urgency to trick people into making quick decisions. If you are an M&S customer, it’s important to stay alert and take steps to protect yourself.
Find out how to safeguard your information and avoid falling victim to scams here.
If your data has been breached, you may be eligible to claim compensation for:
- Financial loss from fraud or identity theft
- Emotional distress caused by loss of control over your personal data
- Time and inconvenience spent dealing with the fallout.
We’ve seen similar cases before – and we’re preparing now, in case this becomes one.
What should you do now?
If you’re a Marks & Spencer customer and you’re concerned your data may have been exposed, here’s what we recommend:
- Monitor your bank accounts and credit reports closely for unusual activity.
- Change any passwords that are the same as or similar to your M&S login details.
- Be alert to phishing scams – especially emails or texts claiming to be from M&S or your bank.
- Register your interest in a potential M&S data breach claim now.
As of now, there is no indication that payment details or passwords have been accessed, but it is best to be safe.
Why the delay matters
M&S initially stopped short of confirming whether customer data had been compromised, leaving many customers in the dark for weeks. This kind of delay only makes matters worse. When people aren’t told quickly that their data might be at risk, they lose the chance to take immediate protective steps, like changing passwords or monitoring accounts.
Under UK data protection law, companies are expected to inform affected individuals without undue delay. If you believe the late notification left you vulnerable or caused you distress, that may be an important factor in any future claim.
If you think you’ve been affected by the M&S data breach, you can find out more about the group action claim by clicking the button below.
Join the Claim connects consumers with SRA-regulated lawyers. Visit the claim page to check your eligibility if a claim is open with one of our trusted legal partners. If a group action has not yet been launched, you can register your interest and we’ll keep you informed if a partner firm decides to take a claim forward.
