Marks & Spencer has confirmed that customers’ personal data was stolen by hackers after it was hit by a damaging cyber attack late last month.
The Leeds Market-founded retail giant’s chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident.”
However he insisted this does not include “usable payment or card details,” which he said the retailer does not hold on its systems. There is also no evidence that account passwords have been shared, M&S said.
The company did not say how many customers have been affected but Machin said there was “no need for customers to take any action”.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online,” he said.
READ MORE: Manchester rapper and poet Meduula fronts new campaign for city region
M&S had 9.4 million active online customers in the year to 30 March, according to its last full-year results.
M&S has been struggling for weeks after hackers, reportedly from the Scattered Spider group, attacked their networks. Zain Javed, CTO at Lancaster and Manchester-based Citation Cyber yesterday told Prolific North it could take as long as three years for M&S, as well as fellow cyber attack victims Co-op and Harrods, to fully recover from the attack.
The retailer was forced to halt recruitment amid the ongoing attack that became apparent on Easter Monday. Shelves around the country have been bare and online shopping with M&S is still hampered by the attack.
Agency staff at distribution centres were also told to stay at home because of the attack.
Last week, M&S insiders told Sky News that that the company had no plan for such an incident, and that it had been “pure chaos” in the wake of the attack.
“We didn’t have any business continuity plan [for this], we didn’t have a cyber attack plan,” the source said. “It’s lots of stress. People have not been sleeping, people have spent their weekends working, people sleeping in the office. Just reactive response.”
The Co-op also faced a similar major incident and was forced to apologise after hackers managed to access the data of a “significant number” of past and current members.
In the same week, luxury department store Harrods also suffered an attempted hack and temporarily restricted internet access across its sites as a precautionary measure.
The National Crime Agency has said it is investigating the attacks individually but it is “mindful they may be linked”.
