Investing.com -- British retailer Marks and Spencer Group PLC (LON: MKS ) said on Tuesday that a cyberattack, which has disrupted its online operations for over three weeks, compromised some personal customer information.

M&S shared an update on the cyberattack first disclosed on April 22, 2025, saying it has implemented security measures and brought in leading cybersecurity experts to address the incident.

The incident has been reported to appropriate government authorities and law enforcement agencies, with whom M&S is working closely, the company said in a statement.

M&S added that it has begun notifying customers that due to the sophisticated nature of the cyber attack, some personal customer data has been compromised.

However, the company assured that the stolen data doesn’t include usable payment or card details, which aren’t stored in their systems, nor does it include any account passwords.

M&S also stated that there’s no evidence that this data has been shared.

The retailer attributed the data breach to the "sophisticated nature" of the cyber attack and pledged to keep customers informed about the issue.