Marks & Spencer tech chief resigns after cyber attack that cost retailer about £300 million

Marks & Spencer’s chief digital and technology officer, Rachel Higham, has resigned after little more than a year in the role, the retailer said, following a cyber attack over Easter that the company says will cut profits by about £300 million this year.

In a note to staff, chief executive Stuart Machin said Higham had "steered the digital and technology team through a challenging six months" and was "taking a break". Operations director Sacha Berendji, who has served as the company's "chief recovery officer" since the attack, will take on her responsibilities as M&S seeks to complete its recovery ahead of the crucial Christmas trading period.

The attack, which occurred over the Easter period, resulted in the theft of customers' personal data and prompted arrests. Four individuals, including three teenagers, were bailed pending further enquiries in July, authorities have said. M&S said the stolen information could have included names, email addresses, postal addresses and dates of birth for millions of customers.

The breach disrupted trading and diverted some shoppers to competitors, with Next among retailers that benefited by capturing sales of third-party brands sold by M&S. Machin acknowledged the financial hit but sought to reassure staff and investors, calling the incident a "bump in the road" and expressing confidence that the company could "accelerate the digital and technology plan and ensure we are set up to deliver our biggest and best-ever Christmas peak."

Higham, who joined M&S in July 2024 after senior roles at WPP and BT Group, stepped down after overseeing the initial recovery from the incident. The company did not provide a timetable for a permanent appointment to replace her.

M&S has said the attack will leave an approximately £300 million dent in profits for the current financial year. The retailer has been working to restore services, shore up security and reassure customers and suppliers while pursuing forensic and legal responses to the breach.

The cybercriminals behind the intrusion have been linked to a wider set of attacks on U.K. companies this spring. Other targets reported by authorities and companies included the Co-op and Harrods. The group, which has used names such as "Scattered Lapsus$ Hunters" and "Scattered Spider" in online posts, has publicly claimed responsibility for several incidents and has sought to taunt firms on social media. In recent days the group claimed to be behind an attack on production lines at Jaguar Land Rover, posting messages that included the line, "Where is my new car, Land Rover?" Authorities and companies have cautioned that online claims by criminal groups are not always independently verified.

Security experts say major retail breaches can have an extended commercial impact beyond immediate recovery costs, including lost sales, remediation expenses, potential fines and reputational damage. M&S's announcement of a large profit hit reflects a combination of direct costs related to remediation and lost revenue while services and customer confidence were disrupted.

Machin's messaging to staff emphasized continuity of leadership and a focus on operational delivery through the holiday season, while the company continues to cooperate with law enforcement and professional investigators. M&S has not disclosed the full scope of any regulatory or legal consequences that may follow from the breach as investigations continue.

The resignation of a senior technology executive in the wake of a major cyber incident is consistent with patterns seen across sectors where boards and management teams reassess leadership, controls and resilience after significant security events. M&S said Higham had been "a steady hand and calm head at an extraordinary time for the business" and extended best wishes for her future, while placing interim digital and technology responsibilities with a long-serving operational leader tasked with completing recovery work ahead of peak trading.