**M&S Warns Customers Following Major Ransomware Cyber Attack**
Marks & Spencer (M&S), one of the UK’s iconic high street retailers, has issued a warning to its customers after falling victim to a significant ransomware attack earlier this year. The incident, which forced the company to take its online store offline in April, is expected to result in an estimated financial hit of around £300 million.
Earlier this week, M&S took careful steps to relaunch its website, allowing shoppers once again to order select fashion and homeware items for delivery across England, Scotland, and Wales. However, the retailer has been transparent in admitting that some customer data was compromised during the cyber breach. This includes sensitive personal information such as names, email addresses, phone numbers, postal addresses, dates of birth, and details of previous online orders.
In response to customer concerns, WalesOnline reached out to Penetration Tester Kian Rogers of cyber security firm SecQuest, who explained the potential consequences for shoppers. Mr Rogers stated, “The main risk now facing affected customers is not necessarily the loss of passwords, as M&S has confirmed none were stolen, but rather the increased likelihood of scams and phishing attempts using the stolen information.”
M&S has reacted swiftly by requiring every online user to set a new password upon their next login, even though passwords were not compromised in the theft. This measure is seen as an important preventative step, providing reassurance as the company continues to investigate the full extent of the breach.
Given the type of data involved, experts warn that customers should stay vigilant against a heightened risk of malicious contacts. “Attempted scams might arrive in the form of realistic emails or phone calls,” Mr Rogers added. “Fraudsters may try to use personal information such as names and order details to appear convincing, tricking customers into revealing more information or clicking on suspicious links.”
While M&S has assured shoppers that payment data remains secure and that there is currently no evidence the stolen customer information has been published or weaponised by criminals, risks still remain. Cybercriminals have become increasingly adept at exploiting leaked details not only for direct financial scams but also for launching targeted phishing campaigns aimed at gathering more confidential information.
At present, only a limited range of M&S’s most popular products are available for online purchase and delivery, though the retailer promises that the full product lineup should become accessible in the coming weeks. Service to Northern Ireland, as well as the Click & Collect option, is also set to resume soon. Company representatives have expressed gratitude to their loyal customer base for their patience and understanding during what has been a challenging period.
In an official statement, an M&S spokesperson said, “A selection of our best-selling fashion ranges are now available for home delivery, with more products being added every day. We sincerely appreciate your support and your commitment to shopping with us.”
Looking ahead, M&S hopes to soften the projected financial impact through a blend of cost-saving measures, potential insurance payouts, and strategic adjustments across the business. The company has also reiterated its commitment to enhancing its cyber security infrastructure and maintaining open communication with customers as services continue to return to normal.
The broader retail sector is certain to watch closely how the situation unfolds, with many industry experts calling for heightened vigilance around cyber security measures. Incidents such as this underline just how crucial it is for retailers and consumers alike to protect sensitive data in an increasingly digital world.
Customers are encouraged to remain alert for any suspicious communications that appear to come from M&S, and to report them promptly. As a precaution, shoppers should monitor account activity and remain cautious of unsolicited contacts requesting private information. M&S has stated that they will provide further updates as their investigation develops.
This incident marks a stark reminder that even well-established brands are not immune to the evolving threats posed by cybercriminals. The responsibility now, for both businesses and individuals, is to remain aware and proactive in guarding against future attacks.