Over 1,000 join legal action against M&S after major customer data breach
Names, emails, addresses, and birth dates stolen — raising concerns over identity fraud and phishing scams
M&S admits fault, estimating the breach could cost the company around £300 million
Customers urged to beware of fake emails offering gifts; experts stress verifying sender details before clicking links
M&S hopes to fully restore digital operations by August, following shutdowns to contain the breach
More than 1,000 Scots have joined legal action against Marks & Spencer following a major cyber attack that compromised customer data, according to lawyers.
Thompsons Solicitors said it is launching a class action lawsuit against the retail giant after a catastrophic data breach in April that saw personal details belonging to millions of customers stolen by cyber criminals.
The action allows affected individuals to seek compensation collectively, rather than through individual claims.
M&S has since admitted that the incident was the result of 'human error' and said the fallout is expected to cost the company around £300m.
At the same time, the Co-Op Group was also targeted in a ransomware attack – believed to be part of a wider coordinated operation by criminals.
The stolen information included names, email addresses, postal addresses, and dates of birth. Although no passwords or financial information were taken, experts warn that this kind of data could be used to commit identity fraud or enhance phishing scams. STV News Thompsons senior partner Patrick McGuire
Thompsons senior partner Patrick McGuire said the legal action is still in its early 'onboarding' stages, but the number of claimants continues to grow rapidly.
'More and more people have approached us,' he told STV News.
'What that shows is how strongly Marks customers feel about that incident. They are upset, distressed and angry at the way the company treated them, the way it's been almost brushed under the carpet.
'Unless M&S can show they had absolutely nothing to do with the loss, that they could've done nothing else to prevent the loss from happening, they are liable in law to pay compensation.
'That's clearly the case in this incident; they did not do enough, they did not have robust enough systems, they are legally responsible.'
Thompsons has previously represented clients in other data breach cases involving organisations such as Arnold Clark and the University of the West of Scotland. iStock Class action lawsuit filed against M&S following major data breach
According to the UK Government's Cyber Security Breaches Survey 2025, 43% of businesses reported experiencing at least one cyberattack or breach in the past year. The prevalence of ransomware attacks has also increased significantly, with an estimated 1% of all UK businesses – roughly 19,000 firms – affected in 2025, up from less than 0.5% in 2024.
Mr McGuire said the trend should serve as a warning for all companies holding personal data.
'The legislation is perfectly clear; the people who hold our data have a very heavy burden to protect that data. When that doesn't happen, they are just as responsible in law as the hackers for injury, upset, and distress caused by that data loss,' he said.
'Marks & Spencer legally have nowhere to hide. I hope that means they will come to the table quickly and do the right thing, and pay their loyal customers compensation to which they're entitled.'
A spokesperson for Marks & Spencer said they have not yet received any group litigation claims.
The company also notified regulators soon after discovering the cyber incident and continue to work closely with them.
The statement read: 'We wrote to our customers as soon as we could in relation to their personal data, making clear that no useable card or payment details or account passwords had been extracted during the cyber incident, and that there was no evidence that any customer data had been shared, which we continue to monitor and remains the case.'
Last week, the boss of Marks & Spencer said he hoped its online operations would be running 'fully' within four weeks as it continues to recover from the damaging cyber attack.
Stuart Machin told the retailer's annual general meeting: 'I have previously highlighted that it would take all of June and all of July, maybe into August but definitely by July.
'During the incident we chose to shut things down because we didn't want the risk of things going wrong.
'Currently, half of online is open but not areas like click and collect. Within the next four weeks we are hoping for the whole of online to be fully on.
'Then our focus will be getting the Donington site back and running. We're hoping that by August we will have the vast majority of this behind us and people can see the true M&S.'
M&S has sent gift cards to some customers but scammers are also sending fraudulent emails offering afternoon tea hampers if you complete a survey.
Consumer experts have warned to be suspicious of emails that come out of the blue.
'Check the email address it's sent from to see if it ends in 'marksandspencer.com' before clicking on any links and if you are still in doubt, contact M&S directly to verify if it's legitimate,' said Lisa Webb, a consumer law expert at Which?
Dave Excell, founder of Featurespace, said: 'Scammers have a wide range of tools in their armoury to make digital communications as convincing as possible, and button generation using embedded links that take the victim to another site are one such example.' Fraudsters are using embedded links and button generation to disguise malicious websites in emails
Criminals often exploit current events to make their scams appear timely and legitimate
AI tools like FraudGPT and deepfakes are being used to enhance the realism and effectiveness of scams
'Financial providers must continue to invest in technology such as AI to identify and prevent fraud in real-time, enabling banks to effectively work alongside their customers to help spot scams before it's too late,' Mr Excell said.
Get all the latest news from around the country Follow STV News
Scan the QR code on your mobile device for all the latest news from around the country
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Evening Standard
8 minutes ago
- Evening Standard
Taste test: We tried the new Tesco birthday cake sandwich
Far be it from me to say that Tesco falls decidedly below M&S on the supermarket scale, but come the f*** on. Having seen the viral success of Marks' strawberry and creme sandwich — a riff on Japanese sandos found in petrol stations and the like across Japan — Tesco has decided to get in on the sweet sandwich game. Only, instead of fresh fruit and like cream, they've gone for sweet strawberry jam and cream cheese icing, studded with hundreds and thousands. And they're calling it 'birthday cake sandwich.' This surely is an answer to a request nobody made — except, perhaps, high-ups in the corporate head office, greedy for a little more income and hoping the M&S effect can be repeated. Bizarrely, it is more expensive than the real fruit sarnie, by 20p.
Reuters
8 minutes ago
- Reuters
Wall Street pares gains after fresh economic data; earnings in spotlight
Aug 5 (Reuters) - Wall Street's main indexes gave up opening gains on Tuesday after data showed U.S. services activity stalled, while investors continued to assess the latest batch of corporate earnings. At 10:07 a.m. ET, the Dow Jones Industrial Average (.DJI), opens new tab fell 63.46 points, or 0.14%, to 44,110.18, and the S&P 500 (.SPX), opens new tab lost 1.86 points, or 0.03%, to 6,328.08. The Nasdaq Composite (.IXIC), opens new tab gained 37.45 points, or 0.18%, to 21,091.04. U.S. services sector growth unexpectedly stalled in July, as new orders barely budged and hiring slipped further - even as input costs soared at their fastest pace in nearly three years - highlighting how uncertainty around the Trump administration's tariff policy continues to weigh on businesses. Wall Street had roared back to life on Monday by posting its best session since May 27 and recouping last week's losses when disappointing July jobs data and sharp downward revisions to prior months fueled expectations of a Fed rate cut in September. As per CME Group's FedWatch tool, odds of a September cut stands at 90%, up sharply from 63.3% just a week ago - and market watchers are eyeing at least two quarter-point cuts by year-end. Earnings from major names on Tuesday include Advanced Micro Devices (AMD.O), opens new tab, Snap and Rivian (RIVN.O), opens new tab. Pfizer (PFE.N), opens new tab gained 3.6% in after raising its annual profit forecast, while Palantir Technologies (PLTR.O), opens new tab rose 8.6% as it boosted itsannual revenue forecast. Meanwhile, President Donald Trump's decision to fire the head of the Bureau of Labor Statistics, responsible for past jobs data, stoked investors' fears about the integrity of economic data. Trump on a CNBC interview said he would "shortly" announce his pick for an open seat on the Federal Reserve's board of governors and possibly his nominee for Fed chair as well. "You can announce who the next chair is, but I don't think that Chair Powell will be going anywhere until the end of his term. I also don't think that whoever is announced as the new Fed chair will really be impactful," said Art Hogan, chief market strategist at B Riley Wealth. Investors also weighed the impact of U.S. tariffs on global economies and corporate earnings. Trump signaled that the U.S. could soon slap a "small tariff" on pharmaceutical imports, with the potential for steeper rates down the line. He also hinted at progress toward a trade deal with China, suggesting a possible meeting with President Xi Jinping by this year's end if talks succeed. Beyond last week's jobs data jolt, Wall Street has stayed buoyant, fueled by blockbuster earnings from the "Magnificent 7" tech giants, with Nvidia's (NVDA.O), opens new tab results on deck in three weeks. Reflecting the market's upbeat mood, HSBC just boosted its S&P 500 year-end target by more than 800 points to 6,400, citing AI excitement and easing U.S. policy uncertainty. Caterpillar (CAT.N), opens new tab slipped 0.3% after reporting a lower second-quarter profit, hurt by sluggish demand for construction equipment and higher costs tied to U.S. tariffs. KFC parent Yum Brands (YUM.N), opens new tab fell 2.8% after missing estimates for second-quarter comparable sales and profit. Advancing issues outnumbered decliners by a 1.29-to-1 ratio on the NYSE and by a 1.07-to-1 ratio on the Nasdaq. The S&P 500 posted 31 new 52-week highs and four new lows, while the Nasdaq Composite recorded 54 new highs and 40 new lows.
Scotsman
38 minutes ago
- Scotsman
Scots businessman who ran brothel from notorious Edinburgh sauna spared jail sentence
The pensioner was found to be running the sex den after a woman died within the premises leading to a police investigation. Sign up to the daily Crime UK newsletter. All the latest crime news and trials from across the UK. Sign up Thank you for signing up! Did you know with a Digital Subscription to The Scotsman, you can get unlimited access to the website including our premium content, as well as benefiting from fewer ads, loyalty rewards and much more. Learn More Sorry, there seem to be some issues. Please try again later. Submitting... A Scots businessman caught running a brothel from inside a notorious Edinburgh sauna has been spared a jail sentence. Ian Douglas Haig operated the illegal sex business from the Scorpio Leisure premises in the Leith area of the capital between 2016 and 2022. Advertisement Hide Ad Advertisement Hide Ad Haig, 82, made a living from the brothel by charging patrons an entry fee and being paid a flat rate by the sex workers for renting out one of the sauna's five bedrooms. The pensioner was found to be running the sex den after a woman died within the premises leading to a police investigation into the circumstances of the death in April 2022. Officers interviewed staff and clients who had attended the sauna and discovered the business was also being used for prostitution purposes. Ian Douglas Haig, 82, was ordered to wear an electronic tag on his ankle. | Supplied Haig was arrested and charged and pleaded guilty to allowing the sauna to be used as a brothel between March 1, 2016 and April 30, 2022 when he appeared on indictment at the capital's sheriff court last month. Advertisement Hide Ad Advertisement Hide Ad The company director was back in the dock for sentencing on Tuesday where Sheriff Fergus Thomson said he would be stepping back from a custodial sentence and instead issued a restriction of liberty order. The OAP was ordered to wear an electronic tag on his ankle and stay within his home address between 7pm and 7am for the next 90 days. Make sure you keep up to date with news from across Scotland by signing up to our free newsletter here. A Crown motion for a proceeds of crime order was continued to October. Advertisement Hide Ad Advertisement Hide Ad Previously a written narration was read out to the court describing Haig, of the capital's New Town, as the 'the long standing tenant' and 'the operator of the business known as Scorpio Leisure'. The narration stated: 'Scorpio Leisure was offering paying customers massage services, advertised itself as a sauna and operated as a brothel.' The court was told patrons entered the sauna through a locked inner door and the inside of the building included a lounge, a staff kitchen with 16 lockers, a shower area and changing room. The narration read: 'There were five rooms all containing a bed, mirrors on the walls, a corner bath and showers. The rooms contained stocks of wipes, lubricants and shower gel.' Advertisement Hide Ad Advertisement Hide Ad The court heard a woman passed away in non-suspicious circumstances within the sauna on April 30, 2022 sparking a police investigation. A number of women working at the sauna were interviewed and said men attending the brothel paid Haig an entrance fee of £20 per person for a 30 minutes session and £35 for 90 minutes. The narration detailed the brothel's pricing structure stating customers paid the women £50 for a 30 minute appointment and £75 for 90 minutes. The court was told the sex workers would then pay Haig £10 per client for the use of one of the bedrooms. Advertisement Hide Ad Advertisement Hide Ad The narration added: 'Clients attending at Scorpio Leisure selected the women at the lounge area then moved to a bedroom. 'Some of those clients provided statements on their interactions with the accused either on arrival or departure and were quite clear the accused knew the premises were being operated as a brothel.' Nurses from the health charity SACRO regularly attended the premises to 'supply condoms and offer sexual health advice and support to the women working there'. Lawyer Nigel Bruce, defending, said his client was involved in 'an unusual type of case' and that he had been previously investigated for a similar offence but not prosecuted in 2013. Advertisement Hide Ad Advertisement Hide Ad Mr Bruce said: 'Everyone in Edinburgh knew this place was run as a brothel including the police, the Crown authorities and social workers. 'SACRO regularly attended there and police officers were regularly in attendance and it was well known the premises were being operated as a brothel. 'He seems to have taken pride in his job and he seems to have a care for the welfare of the women who essentially were self-employed.' The solicitor added there had been 'no coercion or exploitation involved' of the women working at the sauna.
