M&S Confirms Customer Data Stolen in Major UK Cyber Attack

British retailer Marks and Spencer has suffered a sophisticated cyber attack that compromised some personal customer information, disrupting its online operations for over three weeks. The company confirmed that no usable payment or card details, nor account passwords, were accessed, and there is no evidence that the stolen data has been shared. Customers are being prompted to reset their passwords for added security, although no immediate action is required. The retailer's physical stores remain open despite ongoing challenges with online orders and services such as contactless payments and click-and-collect. M&S is working around the clock with cybersecurity experts and relevant authorities, including the National Cyber Security Centre and the Information Commissioner's Office, to resolve the incident. The attack is attributed to the cybercriminal group known as "Scattered Spider," which specializes in ransomware operations.