M&S says some personal data was taken in cyber-attack

Marks & Spencer has said for the archetypal clip that immoderate idiosyncratic lawsuit accusation was taken successful the cyber-attack that has crippled its online operation for much than 3 weeks.

Since the retailer’s IT systems were deed by a ransomware attack, it has not been taking online orders, and the availability of immoderate products successful its stores has been affected aft it took immoderate of its systems offline successful response.

“Today, we are penning to customers informing them that owed to the blase quality of the incident, immoderate of their idiosyncratic lawsuit information has been taken,” the institution said.

“Importantly, the information does not see usable outgo oregon paper details, which we bash not clasp connected our systems, and it does not see immoderate relationship passwords. There is nary grounds that this information has been shared.”

M&S said it had told customers determination was nary request to instrumentality immoderate action, though “for other bid of mind” they would beryllium prompted to reset their password the adjacent clip they log into their M&S account. It did not accidental however galore customers had been affected.

The radical has not been capable to instrumentality immoderate orders done its website oregon app since 25 April arsenic it tries to resoluteness the problems caused by the attack, which has been linked to the hacking radical Scattered Spider.

The retailer said it had taken steps to support its systems and engaged starring cybersecurity experts. It has reported the incidental to applicable authorities authorities and instrumentality enforcement.

The Information Commissioner’s Office confirmed connected 2 May that it had received reports from M&S and the Co-op Group, which has besides suffered a cyber-attack. The ICO said it was moving intimately with the National Cyber Security Centre.

Stephen Bonner, the ICO lawman commissioner, said astatine the time: “We recognise that seeing cyber-attacks successful the quality tin beryllium concerning, particularly if you are a customer.” He said the ICO website had proposal for radical who are disquieted astir their idiosyncratic information.