Mark & Spencer Confirms Customers' Personal Data Was Stolen in Hack

UK retail giant Marks & Spencer has confirmed that hackers stole its customers' personal information during a cyberattack last month. In a brief statement with London's stock exchange on Tuesday, the retailer said an unspecified amount of customer information was taken in the data breach.

The BBC, which first reported the company's filing, cited a Marks & Spencer online letter as saying that the stolen data includes customer names, dates of birth, home and email addresses, phone numbers, household information, and online order histories. The company also said it was resetting the online account passwords of its customers.

Marks & Spencer continues to experience disruption and outages across its stores, with some grocery shelves remaining empty after the hack affected the company's operations. The company's online ordering system for customers also remains offline. It's not clear how many individuals' data was stolen during the hack.

The Scope of the Breach

When reached by TechCrunch, Marks & Spencer spokesperson Alicia Sanctuary would not say how many individuals are affected and referred TechCrunch to its online statement. However, it's worth noting that Marks & Spencer had 9.4 million online customers as of 30 March 2024, per its most recent annual report.

A ransomware and extortion gang called DragonForce reportedly took credit for the cyberattacks on several UK retail giants, including Marks & Spencer, per media reports. Other affected retailers include the Co-op and Harrods. The Co-op initially said there was no evidence that data was compromised, but later said the hackers had stolen customer data.

The BBC reported last week that DragonForce claimed it had the private information of 20 million people who signed up to Co-op's membership program, including current and former members. The UK National Cyber Security Centre said last week that it was "working with the victims and law enforcement colleagues" to understand more about the hacks.

Consequences for Customers

The breach has left customers concerned about their personal data being compromised. Marks & Spencer's online ordering system remains offline, which may cause inconvenience for those who rely on it for grocery shopping or other essentials.

In addition to resetting customer account passwords, the company is likely to implement further security measures to prevent similar breaches in the future.

What You Can Do

While the full extent of the breach remains unclear, there are steps you can take to protect your personal data. If you have shopped at Marks & Spencer or used its online services recently, it's essential to check your account status and change any passwords that may be affected.

You should also monitor your credit reports and bank statements for any suspicious activity. It's always a good idea to keep an eye on your personal data and take action quickly if you suspect anything is amiss.