Marks & Spencer confirms customer data stolen in cyberattack. M&S said that some customer data — but not payment card details or passwords — had been breached in a recent cyberattack. British retailer Marks and Spencer (M&S) announced on Tuesday that it was writing to customers to confirm their personal data had been compromised in a recent cyberattack. It follows the company announcing in April that it had been managing a cyber incident that was causing disruption to its operations. The share price for M&S — a constituent of the FTSE 100 Index — has dropped 11% over the last month. Third-party company: Tata Consultancy Services (TCS).