Marks & Spencer Reveals Customer Data Breach After Sophisticated Cyber Attack

Retail giant Marks & Spencer (M&S) has confirmed that customer personal data was compromised after a devastating cyber attack, which left the company's website and app offline for several days. The breach, attributed to the "sophisticated nature of the incident," resulted in the theft of sensitive information including names, email addresses, postal addresses, and dates of birth.

In a statement, Chief Executive Stuart Machin assured customers that while their data was accessed, it did not include payment or card details, account passwords, or any evidence of sharing online. However, as a precautionary measure, M&S has taken steps to secure its systems further and alerted all website customers about the breach through an email.

Machin emphasized that there is "no need for customers to take any action," citing the fact that the compromised data does not pose a risk to their financial security. He also pledged extra peace of mind by instructing customers to reset their password on their next visit or log-on to their M&S account.

The cyber attack, which occurred in April, has had far-reaching consequences for the high street chain. Since then, M&S has been unable to take online orders through its website or app, although all stores remain open and operational. The incident initially disrupted contactless payments and click-and-collect services, while some store availability was also affected due to the temporary closure of certain systems.

The hacking group responsible for the attack, known as Scattered Spider, has been linked to several other major incidents in recent weeks, including a breach at Co-op food stores. The Information Commissioner's Office (ICO) is also investigating the incident, along with another similar attack on Co-op members' personal data.

The National Crime Agency (NCA) is currently investigating both breaches individually and has expressed concerns that they may be connected. As M&S prepares to release its annual results on May 21, experts predict a significant profit hit due to the company's struggles to recover from this cyber attack.

While customers are unable to purchase online, M&S has managed to restart contactless payments in-store and has introduced an option for online order returns to stores. The company remains committed to customer safety and security, emphasizing that there is "no need for customers to take any action" following the data breach.

Key Facts

* Marks & Spencer's website and app were unavailable due to a cyber attack * Customer personal data was accessed during the incident, including names, email addresses, postal addresses, and dates of birth * Payment or card details, account passwords, and sharing online are not believed to have occurred * The Information Commissioner's Office (ICO) is investigating the breach alongside another Co-op incident * National Crime Agency (NCA) is also looking into both incidents separately

Stay Safe Online with M&S

Marks & Spencer has provided guidance on how customers can protect themselves online, including resetting their password and staying vigilant for suspicious activity. The retailer remains committed to customer safety and security, reassuring shoppers that there is no need to take any action following the data breach.