Personal customer data including dates of birth, ‘household information’, telephone numbers and ‘masked’ payment card details have been taken by hackers, M&S warned its customers this morning.
The retailer said customers should be extra cautious as they “might receive emails, calls or texts claiming to be from M&S when they are not”.
An update from M&S’s director of central operations Jayne Wall to shoppers said that they “do not need to take any action” but should be wary of cyber criminals contacting them pretending to be from M&S and asking them to provide account details and passwords.
The retailer said the stolen data “does not include useable card or payment details” as M&S does not hold full payment card details on its systems, only ‘masked’ details.
M&S said despite the hack of the personal data, there is to date “no evidence that it has been shared”.
Shoppers with accounts at M&S will be prompted to change their passwords when they next log in.
M&S cyber incident impact
M&S chief Stuart Machin first revealed the retailer had been hacked on 22 April, telling customers there was “no need for you to take any action”. The attack disrupted contactless payments, online orders, its loyalty app and charitable food donations from stores. It has forced the retailer to halt online clothing and home deliveries and led to what it has called “pockets of limited availability in some stores” as it impacts depot computer systems.
Earlier this month, Machin issued a new apology to customers saying the company had been battling “day and night” to manage the incident and “get things back to normal for you as quickly as possible”.
Staff have been sharing war stories online of having to check freezers frequently because defrost alarms are not working. The Sparks loyalty app – which has more than 18 million members – has been unable to process rewards. M&S’s scan & shop service has been suspended, and some stores have even been rendered cash-only.
“It’s easier to list the things that work than the things that don’t,” one staff member posted online.
In an alert to the London Stock Exchange this morning, M&S said: ”As part of our proactive management of the incident, we have taken steps to protect our systems and engaged leading cybersecurity experts. We have also reported the incident to relevant government authorities and law enforcement, who we continue to work closely with.”
No comments yet