Marks & Spencer technology chief resigns months after £300m cyber attack

Marks & Spencer’s chief digital and technology officer, Rachel Higham, has resigned just over a year after joining the retailer, a departure that follows a major cyber attack this spring that M&S says will shave about £300 million from its profits this year.

In a note to staff, chief executive Stuart Machin said Higham had "steered the digital and technology team through a challenging six months" and that she had decided to "take a break and is stepping back from her role." The company said operations director Sacha Berendji, who has served as the business’s "chief recovery officer" since the attack, will take on Higham’s responsibilities as M&S continues its recovery work ahead of the peak trading season.

The attack, which occurred over the Easter period, forced M&S to halt online orders via its website and app while it worked to stabilise systems. The retailer said its food-stocking systems were disrupted, leaving some stores with empty shelves, and it did not offer online sales for clothes and homeware for almost two months or click-and-collect services for nearly four months. The disruption prompted some customers to switch purchases to competitors, including Next, which sells overlapping third‑party brands online.

M&S said personal data for millions of customers may have been stolen in the incident, including names, email and postal addresses, and dates of birth. In July, police bailed four individuals, three of them teenagers, pending further enquiries in relation to the attack. The group behind a string of recent intrusions, which has used names such as "Scattered Lapsus$ Hunters" and "Scattered Spider," has claimed responsibility for a number of incidents affecting UK companies and has publicly taunted some victims on social media.

Machin described the breach as a "bump in the road," saying he was confident the business could accelerate its digital and technology plan under Berendji’s leadership and be "set up to deliver our biggest and best‑ever Christmas peak." Higham, who previously held executive roles at WPP and BT Group, joined M&S in July 2024.

Other UK retailers have reported being targeted by the same group this spring, including the Co‑op and Harrods, and the attackers have in recent days claimed responsibility for an incident they say affected production lines at Jaguar Land Rover. Companies and law enforcement agencies have said investigations into the campaigns are ongoing.

The disruption at M&S highlights the operational and financial risks that cyber incidents present to large retailers that rely on integrated online ordering, logistics and in‑store replenishment systems. The company has moved some recovery leadership responsibilities to existing senior operations staff while it continues work to restore full digital services and rebuild customer confidence.

M&S’s confirmation of Higham’s departure and Berendji’s expanded role came as the retailer continues to finalise the financial impact of the attack and to pursue remedial and security measures. The company said it remained focused on delivering its retail strategy and preparing for the critical year‑end trading period.