Marks & Spencer tech chief resigns after £300m cyber attack

Rachel Higham, Marks & Spencer’s chief digital and technology officer, has resigned after little more than a year in the role, the retailer said, amid the fallout from a cyber attack that is expected to shave about £300 million from this year’s profits.

In a note to staff, chief executive Stuart Machin said Higham had “steered the digital and technology team through a challenging six months” and was stepping back to take a break. Operations director Sacha Berendji, who has served as the company’s “chief recovery officer” since the attack, will take on Higham’s responsibilities as M&S moves to accelerate its digital and technology plan.

The incident, which took place over Easter, involved the theft of personal data belonging to millions of customers, including names, email addresses, postal addresses and dates of birth, M&S and other reporting have said. Four people, including three teenagers, were bailed pending further enquiries in July after being detained in relation to the incident.

The breach disrupted M&S’s online operations and is thought to have driven some shoppers to rival retailers, including Next, which sells a number of the same third-party brands online. The company has warned the financial hit from the attack will be significant, reducing profits by about £300 million for the year.

Machin sought to frame the breach as a setback rather than a derailment of the retailer’s recovery, saying it would not halt the business’s revival and that steps were under way to ensure systems were restored ahead of the critical Christmas trading period.

Higham joined M&S in July 2024 after senior roles at WPP and BT Group. Company sources described her departure as a decision to take a “career break.” The retailer did not give a timetable for appointing a permanent successor to the chief digital and technology role.

Investigators and the company are continuing work to assess the full scale of the breach and the extent of data exposure. The same hacking group is reported to have targeted other UK retailers in the spring, including the Co-op and Harrods, and has claimed responsibility for an attack on the production lines at Jaguar Land Rover. The group, which refers to itself by names including “Scattered Lapsus$ Hunters” and “Scattered Spider,” has posted taunting messages on social media related to some of the alleged intrusions.

M&S has been working to restore customer confidence and its online services while pursuing remedial security measures. Under Berendji’s interim oversight, the company said it would accelerate plans to strengthen its digital infrastructure ahead of the peak trading season.

The resignation comes as retail businesses across the UK and beyond confront a rising number of cyber incidents that have the potential to inflict both immediate operational disruption and lasting reputational and financial damage. M&S’s disclosure of the breach and its estimated cost has drawn attention to the exposure of customer data and the implications for competition among retailers during a period of fragile consumer spending.

The company did not provide further comment on any internal reviews or potential policy changes related to executive accountability, nor did it announce a timeline for a permanent appointment to the digital and technology leadership role.