Artificial Intelligence in CX Contact Center Customer Data, Insights & Analytics Customer Experience Customer Loyalty Customer Service Voice of the Customer
Artificial Intelligence in CX Contact Center Customer Data, Insights & Analytics Customer Experience Customer Loyalty Customer Service Voice of the Customer

Customer data compromised in M&S cyber attack

M&S confirms customer data breach in cyber attack, heightening privacy concerns

Add bookmark
Amelia Brand
Amelia Brand
05/22/2025
A blue padlock

Marks & Spencer (M&S) has restored limited functionality to its website following a major cyber-attack. But, for many customers, the bigger concern now surrounds the customer data breach. As the high street giant works to bring its online services back online, the incident has become a warning against the risks that cybersecurity failures pose to customer experience (CX) and consumer trust.

The attack, described by M&S chief executive Stuart Machin as “highly sophisticated and targeted,” compromised sensitive personal information. Stolen data may include customer telephone numbers, home addresses and dates of birth - core elements of digital identity. While M&S has quickly reassured customers that payment details and passwords were not accessed, the implications for customer confidence are profound.

M&S announced that it is accelerating its digital transformation plans in response to the attack, speeding up a planned two-year overhaul of its digital operations.

Don't miss any news, updates or insider tips from CX Network by getting them delivered to your inbox. Sign up to our newsletter and join our community of experts. 

Quantifying the damage to customer trust

The breach, believed to be the work of the English-speaking cyber criminal group Scattered Spider, occurred over the Easter weekend and initially disrupted contactless payments and click-and-collect services. Within days, M&S took the dramatic step of suspending all online orders. The retailer estimates a financial impact of up to £300 million, but the damage to customer trust will prove harder to quantify.

From a CX perspective, the loss of personal data touches the most sensitive nerve in the customer relationship: trust. 

“The data breach at M&S serves as a stark reminder that digital trust is no longer a ‘nice to have’ - it’s foundational to the customer experience,” said a CX strategist from a leading consultancy. “Customers want transparency, accountability and assurance that their personal information is being protected at all times.”

Customer data breach: Technical recovery and emotional reassurance 

M&S has pledged to keep customers informed as they work to resume full online services by July. In the meantime, they face the challenge of technical recovery and emotional reassurance. The retailer must not only fix its systems but also re-establish the sense of consumer trust that underpins loyalty in the digital age.

M&S began to mitigate the fallout by issuing proactive communications. However, some customers have expressed frustration over delays in being directly notified. Experts say clear, empathetic messaging is now more critical than ever and that the company’s next steps will be pivotal in defining how the brand is perceived long-term. As the investigation continues, the M&S breach will become a reference point for CX leaders across industries.

Quick links:

Topics: Customer Data, Insights & Analytics

RECOMMENDED

FIND CONTENT BY TYPE

CX Network COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE CX Network COMMUNITY

Join today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Become a Member Today
iqpc logo

CX Network, a division of IQPC

© 2025 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy