- M&S confirms customer information has been taken following a cyberattack
- The attack has caused significant disruption
- Online orders are still affected weeks later
In a letter to customers, retail giant Marks and Spencer has revealed that personally identifiable information (PII) has been stolen by cybercriminals. This follows the cyberattack that hit M&S which forced the firm to disable online shopping orders, click and collect, and contactless payments in some stores.
A statement, posted on LinkedIn, confirms that “unfortunately, some personal customer information has been taken,” but that “importantly, there is no evidence that the information has been shared and it does not include usable card or payment details, or account passwords, so there is no need for customers to take any action.”
Online orders are still suspended for the shopping site, and some product availability has been affected. The incident, which seems to have been a ransomware attack, took systems offline and caused undeniable disruption to the retailer’s operation.
Continued disruption
Returning customers will be prompted to reset their passwords on the M&S online site next time they visit “to give customers an extra piece of mind,” and the firm has assured customers it is “working around the clock to get things back to normal” for its customers.
“The attack on M&S is another stark reminder that ransomware gangs are evolving faster than traditional defences can cope,” says Camellia Chan, CEO and co-founder of AI cybersecurity firm X-PHY.
“Prevention must be built in from the ground up. Businesses need a multi-layered approach that combines hardware-level security to detect and block attacks early. This should be combined with an AI-driven threat detection layer that automate detection and enforce policies in real time. With human-error contributing to 95% of data breaches, this removes the burden of constant vigilance from employees and constant resilience testing.“
If anyone is concerned their data may have been taken, we recommend using a dark web monitoring service, or using a breach monitor such as Have I Been Pwned to check for potential exposures.
Leave a comment