M&S confirms limited customer data exposed in cyber attack
Marks & Spencer has confirmed that a cyber attack last month led to the theft of “some personal customer information.”
In a statement posted on LinkedIn, the retailer assured customers that there is “no need for any action,” as the compromised data does not include payment or card details.
The company has told the City:
Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken.
M&S says it will prompt online customers to reset their passwords when they next log in, adding:
Everyone at M&S is working around the clock to get things back to normal for customers as quickly as possible, and we are very sorry for any inconvenience they have experienced. Our stores remain open as they have throughout.
M&S has been battling the disruption caused its cyber-incident for more than three weeks. It was forced to halt all orders through its website and apps at the end of April.
At the start of May, the Information Commissioner’s Office confirmed it had received incident reports from both Marks & Spencer and the Co-op Group, following cyber attacks that affected both organisations.
