Marks & Spencer Confirms Customer Data Was Stolen in Ransomware Attack. Here’s What You Need to Know.

Last month, retail giant Marks & Spencer (M&S) suffered a ransomware attack that disrupted operations across its 1,400 stores and forced a temporary halt to online orders. This week, the company has confirmed that customer data was stolen during the cyberattack, raising serious privacy concerns for millions of shoppers.
Since the incident occurred on April 22, 2025, M&S has conducted an internal investigation and CEO Stuart Machin has confirmed the theft of sensitive customer information.
“Some personal customer information has been taken,” Machin stated in a Facebook post. “There is no evidence that the information has been shared and it does not include usable card or payment details, or account passwords.”
Despite reassurances, customers are understandably concerned.
What Data Was Stolen?
An FAQ published by M&S lists the following exposed data types:
- Full name
- Email address
- Home address
- Phone number
- Date of birth
- Online order history
- Household information
- Sparks Pay reference numbers
- “Masked” payment card details (in accordance with PCI-DSS standards)
Although payment card details are partially redacted and no passwords were included, this type of personal information is extremely valuable for cybercriminals, particularly for phishing and identity theft schemes.
What Should You Do If You’re an M&S Customer?
Marks & Spencer states that no immediate action is required, but advises customers to watch out for suspicious emails, texts, or calls claiming to be from M&S.
That said, exposed personal information can still be used to craft convincing phishing attacks, attempt account takeovers on other platforms using reused or similar credentials, or commit identity fraud.
Take Control of Your Digital Identity Now
If your data was exposed—even partially—you don’t have to simply wait and hope for the best. With Bitdefender Digital Identity Protection (DIP), you can:
- Instantly find out if your personal info has been leaked in this or other data breaches
- Get real-time alerts if your data appears on the Dark Web or suspicious databases
- See which of your passwords, emails, or account details may have been compromised
- Receive personalized risk insights and action steps to lock down your identity
Think of DIP as a personal radar that constantly scans for threats to your identity, so you can act before cybercriminals do.
Security Tips for M&S Customers and Beyond
While M&S has taken steps to notify affected customers and implement stronger protections, here’s what you can do to reduce your risk:
1. Reset your M&S password
Even though passwords were not leaked, M&S will prompt users to reset them at the next login as a precaution. Use a unique, strong password you haven’t used elsewhere. If you use your M&S password and email address for other online accounts, reset the passwords for those accounts as well.
If you’re short of ideas for new passwords, use Bitdefender Free Password Generator to create strong and unique passwords for all of your online accounts.
2. Enable two-factor authentication (2FA) / multi-factor authentication (MFA)
If your email or other accounts use the same contact info as your M&S profile, enable 2FA/MFA wherever possible.
3. Be on the lookout for phishing attempts and scams
Be wary of any emails, messages, or calls pretending to be from M&S—especially those requesting personal information. M&S will never ask for your password.
Not sure if an email or message is a scam? Just send it to Scamio, Bitdefender’s free AI-powered scam detector, via chat on Facebook Messenger, WhatsApp, browser or Discord. Scamio analyzes messages, links, or screenshots to help you spot fraud before you fall for it.
4. Avoid clicking suspicious links
Don’t click on attachments or links from unknown senders, even if they appear related to this incident. Worried a suspicious link might lead to malware or a fake login page? With Bitdefender Link Checker, you can paste a link and scan it for hidden dangers—without clicking it.
The best response is a proactive one: monitor your identity, stay informed, and use tools designed to alert and protect you.

