M&S tech boss exits less than a year after crippling cyber attack

Marks & Spencer’s Chief Technology Officer Josie Smith is quitting her role just 18 months after joining the retailer, and less than a year after M&S suffered a devastating cyber attack.

That’s according to a report from Sky News, which also points to her exit coming just four months after another technology executive, Rachel Higham, formerly M&S’s Chief Digital & Technology Officer, departed the business.

Smith’s exit was reportedly disclosed in an internal memo this week, which said she had “decided to leave M&S”.

She will be replaced as by Darren Gibson, the Fashion, Home & Beauty Technology Transformation Director.

The cyber attack in April 2025 cost M&S hundreds of millions of pounds and had a prolonged impact on its stock data and management systems well into last year.

M&S’s trading update from 8 January 2026 – covering the 13 weeks to 27 December 2025 – saw food sales leap 5.6% year-on-year, however the group’s fashion, home and beauty division saw sales drop by 2.9% year-on-year.

M&S said that online sales growth was offset by less spending in stores, which it partly attributed to “reduced high street footfall”, meaning less visitors to British high streets, though it also blamed the prolonged impact of the cyber attack.

It was in April 2025 that M&S was forced to halt online orders after it was targeted by hackers.

Customer personal data – which could have included names, email addresses, postal addresses and dates of birth – was taken during the attack.

In July 2025, M&S revealed that the hack was caused by “human error” and would cost it around £300 million.