
Marks & Spencer to claim €118m after cyber attack

/ 15th May 2025 /
Subeditor

Marks & Spencer is to claim for up to £100m (€118m) in losses as it grapples with a devastating cyber attack over Easter, writes Emily Hawkins.

The retailer, which this week wrote to at least 18m customers to admit hackers had stolen personal data, has lost millions of pounds in sales after suspending online shopping nearly three weeks ago.

UK Labour MP Liam Byrne, chairman of the business select committee in Parliament, yesterday said the attack on M&S and other retailers including the Co-op and Harrods was of “huge concern”.

The Co-op said it was “taking steps to bring systems gradually back online in a safe and controlled manner” as customers continue to be met with empty shelves after its stock system was thrown into disarray two weeks ago, adding that there would be improved stock availability at its 2,500 shops this weekend.

All forms of payment are now accepted after some shops could not take card payments.


Customers have also had data stolen by a shadow gang called DragonForce, which claims to be behind the attacks on M&S and Harrods too.

M&S last night would not comment on when shoppers can expect to see online shopping return.

And it cancelled an event which would have seen it showcase its food ranges to influencers next week.

Experts say the scale of the M&S attack means a “large chunk” of the British population has been put on red alert that their data may have fallen into the hands of criminals.

But its cyber policy will cover it for losses of as much as £100m, according to the Financial Times.

It is thought that insurer Allianz will pay at least £10m while cyber specialist Beazley is also on the hook.

M&S chief executive Stuart Machin said this week that “unfortunately, some personal customer information has been taken” but this did not include any card or payment details or account passwords.

He insisted there is no suggestion hackers have shared the data and said “there is no need for customers to take any action”.

But the retailer told customers to be vigilant towards fraudsters, saying they may “receive emails, calls or texts claiming to be from M&S when they are not”.

Machin added: “Everyone at M&S is working around the clock to get things back to normal for customers.”

M&S did not explain why it had only told customers of the data breach after it announced it was hacked just after Easter.


Analysts estimate M&S has lost more than £70m of online business.

Dan Coatsworth, analyst at AJ Bell, said: “M&S has a duty to inform customers as soon as possible if their personal information has been illegally accessed, so it’s worrying the retailer took so long to go public.”
