Marks & Spencer confirms customers’ personal data was stolen in hack

U.K. retail elephantine Marks & Spencer has confirmed hackers stole its customers’ idiosyncratic accusation during a cyberattack past month.

In a little statement with London’s banal speech connected Tuesday, the retailer said an unspecified magnitude of lawsuit accusation was taken successful the information breach. The BBC, which first reported the company’s filing, cited a Marks & Spencer online letter arsenic saying that the stolen information includes lawsuit names, dates of birth, location and email addresses, telephone numbers, household accusation and online bid histories.

The institution besides said it was resetting the online relationship passwords of its customers.

Marks & Spencer continues to acquisition disruption and outages crossed its stores, with immoderate market shelves remaining bare aft the hack affected the company’s operations. The company’s online ordering strategy for customers besides remains offline.

It’s not wide however galore individuals’ information was stolen during the hack. When reached by TechCrunch, Marks & Spencer spokesperson Alicia Sanctuary would not accidental however galore individuals are affected and referred TechCrunch to its online statement. Marks & Spencer had 9.4 cardinal online customers as of 30 March 2024, per its astir caller yearly report. 

A ransomware and extortion pack called DragonForce reportedly took recognition for the cyberattacks connected respective U.K. retail giants, including Marks & Spencer, per media reports. 

U.K. retailers the Co-op and Harrods were besides targeted by hackers astatine astir the aforesaid clip arsenic Marks & Spencer was hacked. The Co-op initially said determination was nary grounds that information was compromised, but aboriginal said the hackers had stolen lawsuit data. In an update to its website, the Co-op said lawsuit names, dates of birth, location and email addresses, and telephone numbers were exfiltrated.

The BBC reported past week that DragonForce claimed it had the backstage accusation of 20 cardinal radical who signed up to Co-op’s rank program, including existent and erstwhile members.

The U.K. National Cyber Security Centre said last week that it was “working with the victims and instrumentality enforcement colleagues” to recognize much astir the hacks.