Marks and Spencer says customer data stolen as part of ongoing cyber attack
Retail giant Marks and Spencer has apologised once again to customers after it revealed that personal data had been stolen as part of an ongoing cyber attack.
Watch more of our videos on ShotsTV.com
and on Freeview 262 or Freely 565
The store, which has major branches in both Wolverhampton and Brierley Hill, said that the data which could have been accessed includes names, email addresses, postal addresses and dates of birth - but stressed the leak does not include payment or card details, or account passwords.
Marks & Spencer has been battling to get services back to normal since the attack began in April, which led to the suspension of online orders and contactless payments not working in some stores.
Earlier today, M&S Chief Executive Stuart Machin confirmed that personal customer information had been taken by hackers, and said the company had written to customers with information about keeping their account secure.
“Importantly there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action," he said.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.”
In a statement, the company urged shoppers to continue visiting stores in person as it battled to gain control of its systems.
"Our teams are doing the very best they can, and are ready to welcome you into our stores," they said in a social media post.
"Thank you for your support and thank you for shopping with us, we will continue to keep you updated."
Meanwhile, experts from Birmingham City University have warned that the leak may increase the risk of serious threats in the future, and say customers should remain vigilant to the threat of phishing attempts in the short term.
Birmingham City University's (BCU) Deputy Head of the College of Computing and Cybersecurity expert, Dr Junaid Arshad, described the attack as "very concerning" for customers.
“The attack and new details around this are very concerning indeed, particularly as personal data appears to have been compromised", he said.
“M&S boasts a massive customer base of over 9 million people, however the proportion of the customers affected by this attack remains undisclosed.
“As a result, impacted customers may be more susceptible to Identity Theft, Phishing emails, and different forms of social engineering attacks that take advantage of personal data to build trust with victims.
“The data involved may seem harmless, however adversaries can use these simple data items like your date of birth to craft much more sophisticated measures, which can cause significant harm.
“Customers should keep a close eye on their financial profiles for anything unusual, and be extra wary of suspect emails and messages, even if they include references to your personal information.”
