Marks and Spencer advises customer caution as retailer provides update on devastating cyber attack

Jayne Wall, who looks after customer service at M&S. has emailed customers with an update on the cyber attack that happened some three weeks ago and has left the retailer struggling to get services back to normal, with online orders still suspended and many store shelves empty.

In the email, she says: “I am sure that you will have seen in the news that we have been dealing with a cyber incident and I wanted to write to you about what this means for you. To proactively manage the incident, we immediately took steps to protect our systems and engaged leading cyber security experts. We also reported the incident to relevant government authorities and law enforcement, who we continue to work closely with.”

She adds: “Unfortunately, the nature of the incident means that some personal customer data has been taken, but there is no evidence that it has been shared. The personal data could include contact details, date of birth and online order history. However, importantly, the data doe not include useable card or payment details, and it also does not include any account passwords.”

Customers, she stresses, do not need to take any action, but they might receive emails, calls or texts claiming to be from M&S when they are not, so caution is the order of the day. “Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password,” Wall states.

Further details here.

Wall concludes: “To give you extra peace of mind, next time you visit or login to your M&S.com account on our website or app, you will also be prompted to reset your password. We sincerely apologise for any inconvenience caused to you and all of our customers. Thank you so much for shopping with us and for your support, we never take it for granted.”

No plan in place

Earlier this month, an M&S insider talked to Sky News about chaotic scenes at the UK high street giant as the cyber attack continued to hit hard.

M&S has not said what or who knocked out its online ordering systems, paused deliveries and left empty shelves in stores. But it has been linked to a hacking collective known as Scattered Spider.

The insider told Sky News: “We didn't have any business continuity plan [for this], we didn't have a cyber attack plan. In general, it's lots of stress. People have not been sleeping, people have spent their weekends working, people sleeping in the office - just reactive response."

They added: "The idea is to have some services go back online bit by bit. Not do the whole shebang, but allow the people in the store and to allow people online to have services. We're kind of figuring it out as we go. We're not even allowed to use our work devices, so we're having to use our personal devices, all sorts of things.”

"It's just impossible to work because anything about the incident, we're not allowed to talk about on Teams, which is our usual way of chatting… So we have to use WhatsApp to talk to each other."

There is a "sense of paranoia and therefore not everyone knows everything, because we don't know who has been compromised. They are still trying to figure things out."

An M&S spokesperson said: "We have robust business continuity plans and processes in place for managing incidents, led by an experienced team."

2025 RTIH INNOVATION AWARDS

Cyber security will be a key focus area at the 2025 RTIH Innovation Awards.

The awards, which are now open for entries, celebrate global tech innovation in a fast moving omnichannel world.

Our 2024 hall of fame entrants were revealed during an event which took place at RIBA’s 66 Portland Place HQ in Central London on 21st November, and consisted of a drinks reception, three course meal, and awards ceremony presided over by comedian Lucy Porter.

In his welcome speech, Scott Thompson, Founder and Editor, RTIH, said: “The event is now into its sixth year and what a journey it has been. The awards started life as an online only affair during the Covid outbreak, before launching as a small scale in real life event and growing year on year to the point where we’re now selling out this fine, historic venue.”

He added: “Congratulations to all of our finalists. Many submissions did not make it through to the final stage, and getting to this point is no mean feat. Checkout-free stores, automated supply chains, immersive experiences, on-demand delivery, next generation loyalty offerings, inclusive retail, green technology. We’ve got all the cool stuff covered this evening.”

“But just importantly we’ve got lots of great examples of companies taking innovative tech and making it usable in everyday operations - resulting in more efficiency and profitability in all areas.”

Congratulations to our 2024 winners, and a big thank you to our sponsors, judging panel, the legend that is Lucy Porter, and all those who attended November's gathering. 

For further information on the 2025 RTIH Innovation Awards, please fill in the below form and we will get back to you asap.