Personal data stolen in Marks & Spencer cyber-attack
Marks & Spencer has confirmed some customer data was taken in the cyber-attack that hit its systems three weeks ago.
Since 21 April the British retailer has been dealing with a cyber incident that has forced it to shut its online orders and take some of its system offline. It is understood the attack has caused the chain to lose millions in revenue.
M&S said some customer information was accessed during the breach, including people’s names, numbers, and home and email addresses.
However, it confirmed the data theft did not include payment or card details, nor accounts passwords. It added that any card information stolen would not be usable as it doesn’t store full card payment details on its system.
M&S chief executive Stuart Machin said: “There is no evidence that the information has been shared.”
The company has notified customers of the data theft and warned them they might be targeted by scammers.
It has told them they “do not need to take any action” but recommended them to reset the passwords of their accounts “for extra piece of mind”.
It is yet not known how many customers have been affected.
In an email to customers, M&S operations director Jayne Wall said: “You do not need to take any action, but you might receive emails, calls or texts claiming to be from M&S when they are not, so do be cautious.
“Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password.”
Holyrood Newsletters
Holyrood provides comprehensive coverage of Scottish politics, offering award-winning reporting and analysis: Subscribe