British retailer Marks & Spencer said on Tuesday that some personal data of its customers was stolen in a cyberattack that has crippled its online services for weeks.
M&S operations have since Easter been hampered by a ransomware sting which has forced the retailer to suspend online sales, contactless payments in-store and even recruiting operations.
“We are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken,” the company said in a statement on Tuesday.
The information stolen could include names, dates of birth, home addresses and telephone number, it said.
M&S added that the data taken did not include “usable payment or card details”, nor account passwords.
There is “no evidence” that the data taken has been shared, it said in the statement.
The retailer did not specify how many of its shoppers had been impacted.
It said there is “no need for customers to take any action”, but warned them to be wary of emails or text messages that include links to click.
M&S said it has reported the incident to relevant government authorities and law enforcement.
A wave of cyberattacks have hit British retailers in recent weeks, including luxury department store Harrods and the Co-op food chain.
© 2025 AFP
Citation:
Customer data stolen in Marks & Spencer cyberattack (2025, May 13)
retrieved 13 May 2025
from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
Leave a comment