Marks & Spencer Reveals Customer Data Taken by Hackers After Cyber Attack
Retail giant Marks & Spencer has revealed that customer personal data has been taken by hackers after being hit by a damaging cyber attack. The company's chief executive, Stuart Machin, said the data had been accessed due to the "sophisticated nature of the incident". Personal data that could have been accessed includes names, email addresses, postal addresses, and dates of birth, according to M&S.
However, the group stressed that the data does not include payment or card details, or account passwords. The information has also not been shared online, and there is no evidence to suggest it has been used for any malicious purposes. In a statement, Mr Machin assured customers that "there is no need for customers to take any action" in response to the breach.
The high street chain did not say how many shoppers had been affected by the data breach but has emailed all website customers to alert them about the incident. M&S had 9.4 million active online customers in the year to March 30, according to its last full-year results.
Acknowledging the Breach
M&S first reported the issue over the Easter weekend, with the incident initially causing problems for the retailer's contactless payments and click and collect orders. The company has not been able to take any orders through its website or app since April 25 as it tries to resolve the problem.
However, all stores remain open, and customers can still shop in-store without any issues. To give customers extra peace of mind, M&S will be prompting them to reset their password the next time they visit or log on to their account.
The Investigation Continues
A hacking group operating under the name Scattered Spider has been linked to the ransomware attack, according to reports. The Information Commissioner's Office said it is also looking into the attack, as well as a similar major incident involving the Co-op.
The Co-op has apologized to customers after hackers accessed and extracted members' personal data, such as names and contact details. Harrods also confirmed earlier this month that it had been affected by an attempted hack and had temporarily restricted internet access across its sites as a precautionary measure.
Investigations Underway
The National Crime Agency is investigating the attacks individually but has said it is "mindful they may be linked". Retail experts have warned that M&S's struggles to grapple with the fallout of the hack could lead to a significant profit hit, which will be reflected in its annual results on May 21.
Away from Online Shopping
While M&S shoppers are still unable to buy online due to the attack, the company was able to restart contactless payments in store fairly quickly. Customers can now take online order returns to stores as well.
This is a developing story, and we will continue to provide updates as more information becomes available.