Marks & Spencer has revealed that some customer data has been accessed by cyber criminals who have hacked the retailer.
Disruption as a result of the attack has been ongoing for almost three weeks at Marks & Spencer, but until now the retailer had said there was no reason for customers to take any action.
However, Marks & Spencer disclosed on Tuesday: “We are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken. Importantly, the data does not include useable payment or card details, which we do not hold on our systems, and it does not include any account passwords. There is no evidence that this data has been shared.
“We have said to customers that there is no need to take any action. For extra peace of mind, they will be prompted to reset their password the next time they visit or log onto their M&S account and we have shared information on how to stay safe online.”
Following the cyber incident which began over the Easter holiday, Marks & Spencer had problems with contactless payments and click-and-collect. Onine trading—which typically generated clothing and home sales of about £4m a day—remains suspended.
No comments yet