Are you or have you been an M&S customer? Was your data breached in the 2025 hack? If so, join the M&S data breach claim for justice and compensation.
No-win, no-fee
Expert help
Save time
Get compensation
Overview
In spring 2025, Marks & Spencer (M&S) experienced a devastating cyberattack that forced the retailer to suspend online orders, disable its website and mobile apps, and issue mass refunds. Initially, M&S said there was “no evidence” that personal data had been accessed. But over two weeks later, it confirmed a data breach involving customer information.
This delay could have left affected customers vulnerable as affected individuals missed the opportunity to take swift action to protect themselves.
While M&S says payment details and passwords weren’t accessed, private information was exposed. Millions of customers who shop online, use the app, or hold loyalty accounts could potentially be affected.
Cyberattacks are far more likely to succeed when a company lacks strong data security measures. As such, lawyers are now pursuing legal action on behalf of those affected by the M&S data breach.
If you’ve been notified that your data was compromised, you may be entitled to join a claim for compensation.
Our simple eligibility checker provides instant clarity. Answer a few straightforward questions, and you’ll know if you could qualify to join a M&S data breach group action claim.
M&S data breach – At a glance
Could you qualify for a NO-WIN, NO-FEE Marks & Spencer compensation claim? Find out instantly with our easy-to-use checker.
If eligible, and you want to join the claim, register your interest and we’ll connect you with a regulated UK law firm.
Answer a few quick questions to see if you qualify to join the claim.
If eligible, provide a few extra details to uncover the regulated law firm ready to take on your case.
Ready to proceed? We’ll help you register with the law firm. They’ll manage your claim and keep you updated – all on a no-win, no-fee basis.
August 2025
Nearly four months after the data security incident, Marks and Spencer resumed its Click and Collect service for online orders.
June 2025
In partnership with a regulated UK law firm, we opened registration to the Marks & Spencer data breach compensation claim.
17 May 2025
According to media reports, the hackers gained entry through a third party who had access to the company's systems.
16 May 2025
A leading data breach law firm launches a Marks & Spencer data breach case.
13 May 2025
M&S confirms that customer data has been accessed in the breach, though it states that payment information and passwords are not among the compromised details.
9 May 2025
M&S still insists there is “no evidence” of customer data being compromised, focusing communication on operational issues.
7 May 2025
Reports emerge that the hacking group Scattered Spider is behind the attack, using social engineering tactics to access internal systems.
Early May 2025
M&S confirms it is dealing with a “crisis-level” IT issue and suspends online and app-based ordering. Refunds are issued for disrupted purchases.
Late April 2025
Marks & Spencer experiences a cyberattack over the Easter weekend. Signs of disruption begin to appear across all M&S digital platforms. Customers report problems accessing the website and placing orders via the app.
We’ll provide more updates on this case as they occur.
Find out if you could join the no-win, no-fee Marks & Spencer data breach claim.
It will only take a few minutes, and there’s no obligation to proceed.
The cyberattack has been linked to the hacking group Scattered Spider. Reports indicate that the attackers used social engineering tactics, such as impersonating employees, to gain access to M&S’s internal systems. Once inside, they deployed ransomware, causing major disruption – with confirmation that customer data has been accessed.
While the company says no payment data or passwords were exposed, names, contact details, and other personal information may have been compromised.
If your data was exposed in this breach, you may be eligible to claim compensation for:
We’ve seen similar cases result in compensation payouts.
M&S’s delay in confirming the data breach has left many customers vulnerable. Without early notice, affected individuals missed the opportunity to take swift action to protect themselves. Under UK data protection law, organisations are expected to notify customers without undue delay when personal data has been exposed.
Yes, if your data was part of the breach, you will be contacted directly with more details. If you receive notification of your involvement in the data breach, you could be due compensation.
We cannot say how much compensation you might get if you win your data breach case. Each claim is based on its merits and your solicitor will work to get the compensation owed to you.
We won’t charge you a single penny. And we ensure any law firms we connect you with operate on a no-win-no-fee basis. If you win, the law firm will either take its fees from your compensation payment or recover these from the defendants.
A no win, no fee agreement means you don’t pay your solicitor’s legal fees if your claim is unsuccessful. This makes it easier and more affordable to take part in group litigation. However, T&Cs apply.
Want the full picture, including what to check before signing? Read our complete guide to no win, no fee agreements here.
In the UK, if a group of people have experienced loss, or otherwise been harmed by an organisation’s law breaking, they can come together to fight for justice. Levelling the playing field when standing up to big businesses, group actions prove that there is strength in numbers. At Join the Claim, we bring consumers and law firms together to ensure these group actions are as powerful as possible.
We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.
Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.
Join the Claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 6 Sunderland Street, Tickhill, Doncaster, DN11 9QJ
© Join the Claim All Rights Reserved | 2025
