Retail giant Marks & Spencer has revealed that customer personal data has been taken by hackers after being hit by a damaging cyber attack.
Chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident”.
Personal data that could have been accessed includes names, email addresses, postal addresses and dates of birth, according to M&S.
But the group stressed the data does not include payment or card details, or account passwords and is not believed to have been shared online.
The high street chain did not say how many shoppers had been affected but has emailed all website customers to alert them about the data breach.
It had 9.4 million active online customers in the year to March 30, according to its last full-year results.
Mr Machin told shoppers there is “no need for customers to take any action”.
In a social media post, Mr Machin said: “We have written to customers today to let them know that unfortunately, some personal customer information has been taken.
“Importantly there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.”
The group has not been able to take any orders through its website or app since April 25 as it tries to resolve the problem, although all stores remain open.
M&S first reported the issue over the Easter weekend, with the incident first causing problems for the retailer’s contactless payments and click and collect orders, while it has also impacted some availability in stores.
A hacking group operating under the name Scattered Spider has been linked to the attack, according to reports.
On Friday May 2, the Information Commissioner’s Office said it is also looking into the attack, as well as a similar major incident involving the Co-op.
Luxury department store Harrods also confirmed earlier this month it had been impacted by an attempted hack and had temporarily restricted internet access across its sites as a precautionary measure.
The National Crime Agency has said that it is investigating the attacks individually but is “mindful they may be linked”.
Read More
