Marks & Spencer (M&S) in Hong Kong has been the subject of a customer data breach involving personal information such as names, email addresses, physical addresses, telephone numbers, dates of birth, online order histories, and masked payment card details used for online purchases. The company has not responded to inquiries from the Hong Kong Privacy Commissioner’s Office regarding the breach. The incident has raised concerns about the slow recovery of M&S from the cyberattack, which could cause lasting damage to the retailer. The breach has also led to a lawsuit against M&S. Industry leaders and former executives have highlighted the pervasive and ongoing nature of cyberattacks, with one former M&S CEO warning that hacking attempts target almost every system globally. The CEO of M&S is reportedly facing a multimillion-pound pay reduction as a consequence of the cyberattack. Additionally, a leading UK bank executive has criticized social media platforms, particularly Meta, for contributing to the rise of fraud and payment scams in the UK. The broader retail sector is increasingly concerned about the normalization of cyberattacks and the erosion of consumer trust in online payment systems.