A Marks Spencer store sign. The British department store is a retail institution in the UK.

Marks & Spencer cyberattack: What you need to know – and how to protect yourself and your rights

Update: On 13 May 2025, Marks & Spencer confirmed that customer data had been compromised in the cyberattack. You can find out more here. 

Marks & Spencer (M&S), one of the UK’s most trusted retailers, is currently responding to a major cyberattack that has forced it to suspend online orders, disable its website and mobile apps, and issue mass refunds. According to reports, a hacking group called Scattered Spider is behind the attack.

While the full scale of the incident is still unfolding, customers across the UK are left asking one critical question: Was my personal data compromised in a M&S data breach?

What we know so far about the Marks & Spencer cyberattack

According to media reports, M&S experienced a “crisis-level” cybersecurity breach over the weekend. As of this week:

  • Online and app-based ordering systems are down
  • Refunds have been issued for disrupted purchases
  • Remote workers have been shut out of IT systems
  • The company is working urgently with cybersecurity experts.

No official confirmation has yet been given on whether customer data (names, addresses, contact information, or payment details) was accessed.

What happens if there has been a Marks & Spencer data breach?

If it emerges that personal information has been compromised, affected customers may be entitled to compensation under UK data protection laws. Data breach claims can cover:

  • Financial loss from fraud or identity theft
  • Emotional distress caused by loss of control over your personal data
  • Time and inconvenience spent dealing with the fallout.

We’ve seen similar cases before – and we’re preparing now, in case this becomes one.

What should you do now?

As of yet, there is no indication that customer data has been accessed in the M&S cyberattack. But you don’t need to wait for confirmation before taking action.


If you’re a M&S customer, it’s wise to:

  • Monitor your emails and bank accounts for suspicious activity
  • Change your password if you reused your M&S login elsewhere
  • Watch out for updates. If a data breach is confirmed, we’ll let you know and guide you through your rights.

Stay informed

If you’ve used the M&S website or app, you could be affected if it becomes clear that personal data has been compromised.

Customers who want to stay updated or potentially join a future no-win, no-fee data breach claim should check their eligibility and register below.

Check my eligibility now

Found this helpful? Share it

Facebook
Twitter
WhatsApp
LinkedIn
Email

Or

You may also like:

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.

Asda equal pay claim: Can store workers fight for fair wages?

Asda store workers may be underpaid. Check if you qualify for an equal pay claim and take action to seek the compensation you deserve.

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.

You might also like

See more resources

Several bottles of Johnson's baby powder on a store shelf, symbolising the Johnson and Johnson talc lawsuit over alleged asbestos contamination and cancer risks.
  • Health & Medical, News

Johnson & Johnson talc lawsuit in the UK: What you need to know

A UK lawsuit claims Johnson & Johnson’s talc products cause cancer. Learn about the case,...
Low-angle view of people walking in a city, symbolising unity and collective action, related to key facts about group litigation for seeking justice.
  • News

10 must-know facts about group litigation for first-time claimants

Discover 10 essential facts about group litigation for first-time claimants. Learn how joining a group...
  • News, Travel

How to claim compensation for flight delays or cancellations in the UK

Delayed 3+ hours or had a cancelled flight? You could claim up to £520 under...

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 6 Sunderland Street, Tickhill, Doncaster, DN11 9QJ

© Join the Claim All Rights Reserved | 2025

Go to claims