Marks & Spencer has revealed that a cyber attack, which has disrupted their online operations for more than three weeks, has resulted in some personal customer information being compromised.
The retailer’s IT systems have struggled to process online orders due to these ransomware attacks. Consequently, the in-store availability of certain products has also been affected while they worked to handle the situation by taking parts of the system offline.
The company has assured that the accessed data does not include sensitive payment information or account passwords. Reports indicate that the stolen details comprise names, addresses, and order histories.
M&S informed customers that there’s no immediate need for them to take additional security measures. However, they have not disclosed the number of customers impacted.
“Today, we’re informing customers that some personal data was taken due to the sophisticated nature of this incident,” the company stated.
Importantly, they reiterated that the data does not encompass any payment details or passwords, and there’s no indication that this information is being shared.
Since April 25th, customers have been unable to place orders via the website or app as the company works to fix the issue connected to a hacking group known as Scattered Spider.
The retailer mentioned that they have implemented protective measures for their systems and are engaging with cybersecurity experts while also reporting the matter to relevant authorities and law enforcement.
The Intelligence Committee’s office confirmed receiving reports from M&S and the Co-Op Group on May 2nd. The ICO stated it is collaborating closely with the National Cybersecurity Centre.
Stephen Bonner, a member of the ICO vice committee, noted, “We understand that seeing news about cyber attacks can be concerning for customers.” He pointed out that there is guidance available on the ICO’s website for those worried about their personal information.
