Marks & Spencer Confirms Customer Data Stolen in Cyber Attack
Marks & Spencer has confirmed that personal customer data was compromised during a recent cyber attack. The stolen information may include names, telephone numbers, home addresses, dates of birth, and online order histories.
The company clarified that no usable payment card details or account passwords were taken. M&S was targeted by the attack three weeks ago and is still working to restore its online services, which remain temporarily suspended.
Customers will soon be asked to reset their online account passwords as a precaution.
Chief Executive Stuart Machin said the retailer is reaching out to affected customers, stating that “some personal customer information has unfortunately been taken.” He added that, so far, there is no evidence that the stolen data has been distributed.
However, there is concern that the attackers may still attempt to share or sell the data in an effort to extort the company, which could increase the risk of identity theft.
While M&S has not disclosed the number of affected customers, it has notified all website users via email, alerted the relevant authorities, and is working closely with cybersecurity experts to track any further developments. As of its latest annual report, M&S had about 9.4 million active online customers in the year ending March 30.
Mr. Machin assured customers that the company is doing everything possible to return operations to normal as quickly as possible.
What Data Was Compromised?
M&S confirmed that the breach may have exposed the following customer information:
- Full name
- Date of birth
- Phone number
- Home address
- Household details
- Email address
- Online order history
The company emphasized that no complete payment card data is stored in its system, so any card information accessed would not be usable.
What Should Customers Do?
M&S stated that no immediate action is required from customers but advised the following:
- Users will be prompted to change their online account passwords
- Customers should remain cautious of any suspicious emails, texts, or calls pretending to be from M&S
- M&S will never request sensitive details such as usernames or passwords by phone or email
Lisa Barber, a tech editor urged people to change their passwords promptly, using unique passwords for different accounts.
Matt Hull, head of threat intelligence at NCC Group, warned that stolen personal information could be used to create convincing scams. He advised customers to avoid clicking on suspicious links and instead visit official company websites directly to verify messages.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
