U.K. retail giant Marks & Spencer has confirmed that hackers stole customer personal data during a cyberattack last month.
In a disclosure filed with the London Stock Exchange on Tuesday, the company said customer names, dates of birth, addresses, phone numbers, household information, and online order histories were compromised.
The retailer is resetting affected users’ online account passwords as a precaution. While the total number of impacted individuals remains undisclosed, Marks & Spencer had 9.4 million online customers as of March 30, 2024.
Operations continue to face disruption, with some store shelves empty and online ordering still offline. The ransomware and extortion group DragonForce has reportedly claimed responsibility for the breach, as well as attacks on other U.K. retailers, including the Co-op and Harrods.
The Co-op has since confirmed that customer data was exfiltrated, including names, birth dates, and contact details. According to the BBC, DragonForce claims to have stolen information on 20 million current and former Co-op members.
The U.K.’s National Cyber Security Centre is investigating the breaches alongside law enforcement agencies.
