The M&S Data Breach: What You Need to Know
Business reporter, BBC News
In a recent cyber attack, M&S, the High Street giant, revealed that personal information of its customers has been compromised. The stolen data may include people’s names, date of birth, telephone number, home address, household information, email address, and online order history. Fortunately, no usable payment or card details were accessed, and no account passwords were compromised.
The cyber attack occurred approximately three weeks ago, causing disruptions to M&S’s services. As a result, online orders have been temporarily suspended as the company works to resolve the issue.
M&S CEO Stuart Machin reassured customers that there is no evidence of the stolen information being shared externally. The company is taking proactive measures to address the breach and enhance security measures.
In a communication to customers, M&S operations director Jayne Wall emphasized that while customers do not need to take immediate action, they should remain cautious of potential phishing attempts. Customers may receive unauthorized emails, calls, or texts claiming to be from M&S, which should be handled with care.
Mr. Machin stated that M&S is working diligently to restore normalcy and ensure the security of customer data. The company first encountered system issues on 25 April, starting with in-store payment disruptions that eventually impacted other areas of the organization.
What Information Was Compromised?
- People’s names
- Date of birth
- Telephone number
- Home address
- Household information
- Email address
- Online order history
M&S clarified that any card information obtained in the breach is not usable, as the company does not store complete card payment details in its systems.
What Should Customers Do?
While customers are not required to take immediate action, they should remain vigilant against potential phishing attempts. M&S advises customers to be cautious of unsolicited communications claiming to be from the company.
M&S is actively working to address the cyber attack and restore its services. Customers can expect heightened security measures and ongoing updates from the company regarding the breach.