Marks & Spencer (M&S) has now confirmed that customer data has been compromised following a major cyberattack that forced the retailer to shut down its online ordering systems and mobile app. This latest development will be alarming to millions of UK shoppers who trust M&S to keep their personal information safe.
We now know that this was more than just an operational disruption – it’s a serious data breach. And if your personal information was exposed, you could be entitled to compensation under UK data protection law.
What has happened?
The cyberattack has been linked to a hacking group. Reports indicate that the attackers employed social engineering tactics, such as impersonating employees, to gain access to M&S’s internal systems. Once inside, they deployed ransomware, leading to significant operational disruptions – with confirmation that customer data has been accessed.
While the exact number of affected individuals hasn’t yet been confirmed, reports suggest that personal information, including names, contact details, or other sensitive data, may have been compromised in the breach.
If your data was exposed in this breach, you could now be at risk
In situations like this, cybercriminals often rely on confusion and urgency to trick people into making quick decisions. If you are an M&S customer, it’s important to stay alert and take steps to protect yourself.
Find out how to safeguard your information and avoid falling victim to scams here.
If your data has been breached, you may be eligible to claim compensation for:
- Financial loss from fraud or identity theft
- Emotional distress caused by loss of control over your personal data
- Time and inconvenience spent dealing with the fallout.
We’ve seen similar cases before – and we’re preparing now, in case this becomes one.
What should you do now?
If you’re a Marks & Spencer customer and you’re concerned your data may have been exposed, here’s what we recommend:
- Monitor your bank accounts and credit reports closely for unusual activity.
- Change any passwords that are the same as or similar to your M&S login details.
- Be alert to phishing scams – especially emails or texts claiming to be from M&S or your bank.
- Register your interest in a potential M&S data breach claim now.
As of now, there is no indication that payment details or passwords have been accessed, but it is best to be safe
We’re currently collecting the details of affected customers in case a data breach claim is launched. Registering your interest is free, confidential, and there’s no obligation to proceed. If a claim moves forward, it will likely be offered on a no-win, no-fee basis.
Why the delay matters
M&S initially stopped short of confirming whether customer data had been compromised, leaving many customers in the dark for weeks. This kind of delay only makes matters worse. When people aren’t told quickly that their data might be at risk, they lose the chance to take immediate protective steps, like changing passwords or monitoring accounts.
Under UK data protection law, companies are expected to inform affected individuals without undue delay. If you believe the late notification left you vulnerable or caused you distress, that may be an important factor in any future claim.
Register with Join the Claim
This is a fast-moving situation, and we’ll continue to provide updates as more information becomes available.
If you’ve been notified that your data was compromised, you may be entitled to join a future claim for compensation. Our simple eligibility checker provides instant clarity. Answer a few straightforward questions, and you’ll know if you could qualify to join a future data breach group action claim.
