According to M&S, the stolen data may include names, email addresses, postal addresses, and dates of birth. However, the company assured customers that no payment details, card information, or account passwords were accessed. There is also no evidence that the stolen data has been shared online.
M&S chief executive Stuart Machin issued a statement to customers, saying, “We have written to customers today to let them know that unfortunately, some personal customer information has been taken. Importantly, there is no evidence that the information has been shared.”
As a precaution, M&S will ask customers to reset their passwords when they next log in to their accounts. The company has also provided advice on how to stay safe online.
M&S has not revealed how many customers were affected, but it had 9.4 million active online customers in the year ending March 30. The company has emailed all website customers to notify them about the data breach.
Since April 25, M&S has been unable to process online orders through its website or app. However, all physical stores remain open. Contactless payments in-store were quickly restored, and customers can now return online orders at stores.
The cyber attack has been linked to a hacker group known as “Scattered Spider.” The UK’s Information Commissioner’s Office (ICO) is investigating the incident, along with a similar cyber attack on the Co-op. The Co-op also confirmed that hackers accessed members’ personal data and caused system disruptions.
Luxury retailer Harrods also faced an attempted cyber attack recently and restricted internet access at its sites as a safety measure.
The UK’s National Crime Agency (NCA) is investigating these cyber attacks and said it is “mindful they may be linked.”
Retail experts have warned that the incident could lead to financial losses for M&S. The company’s annual financial results, expected on May 21, may reveal the impact of the cyber attack.
Tags:
Cybercrime in World
