British retail giant Marks & Spencer (M&S) has confirmed that some personal customer information was accessed during a recent cyber attack that has severely disrupted its online operations for over three weeks. The prominent retailer, a household name in the UK, ceased taking online orders on April 25th, and its share price has since seen a notable decline of 15% since the Easter weekend, when the initial issues began to surface.

While M&S has not explicitly confirmed the nature of the attack, widespread reports suggest the company fell victim to a ransomware incident. This type of cybercrime involves unauthorized access to a company's computer systems, encryption of data, and a subsequent demand for payment in exchange for restoring access and control.

In a statement released on Tuesday, M&S acknowledged that "some personal customer details had been taken" as a result of the "sophisticated nature" of the incident. The company assured that affected customers would be directly informed of the issue.

Despite the data breach, M&S advised its customer base that there was "no need to take any action" at this time. The retailer stated that it has implemented measures to fortify its systems and is actively collaborating with cybersecurity specialists, law enforcement agencies, and relevant government bodies to address the situation.

M&S has refrained from providing a specific figure regarding the financial repercussions of the ongoing disruption. However, with each passing day of its online outage, the financial impact is undoubtedly escalating as the company misses out on crucial sales, particularly of its new season ranges during a period of unseasonably warm weather across much of the UK. Online sales account for approximately one-third of M&S's total clothing and home goods revenue, underscoring the significant financial implications of the prolonged online shutdown. The company's extensive network of 1,000 physical stores remains open and operational.