M&S to open 12 new stores after issuing cyber attack update

Marks and Spencer has announced plans to open 12 new food halls in former locations. Some of the locations M&S is targeting include Abingdon, Cannock, Farnham, Godalming and Northampton.

The new stores in Abingdon and Cannock are expected to open in late 2025 and will measure 18,000sq ft. The rest of the locations will open in mid-2026, with the Godalming store set to measure 22,000sq ft - making it the largest food hall to date.

The new stores will create more than 550 jobs. M&S CEO Stuart Machin said: “Investing in new and renewed stores is one of our key transformation priorities.

READ MORE:

READ MORE:

“Securing these highly desirable sites in priority locations will accelerate this strategy, drive further growth in our M&S food business and most importantly give our customers the best possible M&S shopping experience.”

The move is part of M&S’ store rotation programme, which aims to increase the number of its food-only sites to 420 by 2028, while reducing the number of its full-line stores to 180.

It comes after Marks and Spencer issued an update following its cyber attack and warned that ongoing disruption could last until July. The supermarket was targeted on Easter weekend but shoppers are still currently unable to order from online.

At the time, the cyber attack impacted contactless payments and click and collect orders, while some shelves in stores were also left empty.

M&S stores are largely back to normal in terms of stock availability, but online orders remain paused around four weeks after they were first halted.

The cyber attack is expected to cost the company around £300million. It has subsequently been revealed that customer data, which could have included names, email addresses, addresses and dates of birth, was taken by the hackers.

It has been reported that the cyber attack is being linked to hacking group Scattered Spider - with some of the hackers believed to be just teenagers.

Paul Foster, head of the National Crime Agency national cyber-crime unit, told the : "We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses and we'll follow the evidence to get to the offenders."

M&S chief executive Stuart Machin told reporters that hackers gained access to its IT systems through a third party after “human error” rather than a weakness in the system.

He said: “Unable to get into our systems by breaking through our digital defences, the attackers did try another route, resorting to that term social engineering by entering through a third party.”