Marks & Spencer (M&S) has confirmed that a recent cyber attack has resulted in the theft of personal customer data, including sensitive information such as telephone numbers, home addresses, and dates of birth. The retailer is currently grappling with the aftermath of the attack, which has severely disrupted its online services and led to significant financial losses.
Key Takeaways
- M&S has reported a data breach affecting personal customer information.
- The stolen data does not include payment details or passwords.
- Online orders remain suspended, costing the retailer £43 million weekly.
- Customers are advised to reset their passwords and be cautious of phishing attempts.
Overview Of The Cyber Attack
The cyber attack on M&S occurred approximately three weeks ago, coinciding with the Easter weekend when customers began experiencing issues with Click & Collect and contactless payments. Although in-store services have resumed, online ordering has been suspended since April 25, with no clear timeline for restoration.
M&S chief executive Stuart Machin stated that the company is actively informing customers about the breach and is working with cybersecurity experts to monitor the situation. The retailer has not disclosed the exact number of affected customers but has communicated with all users of its website.
What Data Was Stolen?
The personal information compromised in the attack includes:
- Names
- Dates of birth
- Telephone numbers
- Home addresses
- Household information
- Email addresses
- Online order histories
M&S has assured customers that no usable payment or card details were taken, as the company does not store full card information on its systems.
Customer Guidance
In light of the breach, M&S has advised customers to take the following precautions:
- Reset their online account passwords for added security.
- Remain vigilant against potential phishing scams, as they may receive fraudulent emails, calls, or texts claiming to be from M&S.
- Be aware that M&S will never request personal account information like usernames or passwords via email.
Experts recommend that customers change their passwords immediately and ensure that their new passwords are unique to enhance security.
Financial Impact On M&S
The ongoing disruption caused by the cyber attack is estimated to be costing M&S around £43 million per week in lost sales. The company’s shares have also seen a decline of approximately 12% over the past month, reflecting investor concerns over the incident and its implications for the retailer’s operations.
The Nature Of The Attack
The hackers responsible for the breach are believed to have used the DragonForce cyber crime service, which operates on the dark web. This service allows criminals to execute attacks and extort businesses. The group employs a double extortion method, where they not only steal data but also encrypt it, demanding a ransom for its release.
While M&S has not yet seen any leaked data on DragonForce’s darknet site, the risk remains that the stolen information could be sold or used for identity fraud.
Conclusion
As M&S continues to navigate the fallout from this cyber attack, customers are urged to remain vigilant and proactive in protecting their personal information. The retailer is committed to restoring normal operations as quickly as possible, but the incident serves as a stark reminder of the growing threat of cyber crime in the retail sector.
