UK Retailer Marks & Spencer Plays Incident Response Straight

Expert Lauds 'Textbook Cyber Crisis Communications' as M&S Details Some Disruption Mathew J. Schwartz (euroinfosec) • April 23, 2025

It's rare to see a corporation lauded for its hacking incident communications, but British retailer Marks & Spencer has executed an admirable version of what informing the world of bad news should look like.

See Also: Live Webinar | Resilience in Crisis: Recovering Your Minimum Viable Company Fast

The company announced that it "has been managing a cyberincident over the past few days" in a statement Tuesday to the London Stock Exchange.

Here's what the retailer's note lacked: marketing spin. At no point did the business begin playing data breach notification cliché bingo to try to minimize impact or culpability by normalizing cyberattacks, throwing up its hands in the face of hacker ninjas, proclaiming to "take the security of your information seriously," or even pretending nothing happened (see ...