Marks & Spencer reveals customer data taken by hackers after cyber attack

Retail giant Marks & Spencer has revealed that customer personal data has been taken by hackers after being hit by a damaging cyber attack.

Chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident”.

Personal data that could have been accessed includes names, email addresses, postal addresses and dates of birth, according to M&S.

But the group stressed the data does not include payment or card details, or account passwords and is not believed to have been shared online.

The high street chain did not say how many shoppers had been affected but has emailed all website customers to alert them about the data breach.

It had 9.4 million active online customers in the year to March 30, according to its last full-year results.

Mr Machin told shoppers there is “no need for customers to take any action”.

In a social media post, Mr Machin said: “We have written to customers today to let them know that unfortunately, some personal customer information has been taken.

“Importantly there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.

“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.”

A screengrab taken from retailer Marks & Spencer’s website with a message saying online orders have been paused (Marks & Spencer/PA)

The group has not been able to take any orders through its website or app since April 25 as it tries to resolve the problem, although all stores remain open.

M&S first reported the issue over the Easter weekend, with the incident initially causing problems for the retailer’s contactless payments and click and collect orders, while it has also impacted some availability in stores after it took some of its systems offline in response.

A hacking group operating under the name Scattered Spider has been linked to the ransomware attack, according to reports.

On May 2, the Information Commissioner’s Office said it was also looking into the attack, as well as a similar major incident involving the Co-op.

The Co-op has also apologised to customers after hackers accessed and extracted members’ personal data, such as names and contact details, while it too has suffered availability problems as a result of the attack.

Luxury department store Harrods also confirmed earlier this month it had been affected by an attempted hack and had temporarily restricted internet access across its sites as a precautionary measure.

The National Crime Agency has said it is investigating the attacks individually but is “mindful they may be linked”.