Marks & Spencer cyber attack update: Customer data stolen in major blow to shoppers

GB NEWS
By Patrick O'Donnell


Published: 13/05/2025 - 08:49

Updated: 13/05/2025 - 09:27

The supermarket giant is reeling from last month's cyber attack which saw Marks & Spencer customers left unable to complete payments

Marks & Spencer shoppers have been dealt another blow with the department store chain confirming customer data was stolen after the recent cyber attack.

Last month, consumers were left unable to complete payments following the incident which led to a dramatic loss in revenue for the company.


It has not yet been disclosed what information was taken in the cyber attack, but Marks & Spencer does not believe any "useable" payment or card details or any account passwords were taken.

Customers are being urged by the retailer to reset their passwords for any accounts "for extra peace of mind".

In an update to M&S customers via its app, the retailer stated: "As we continue to manage the current cyber incident, we have written to customers to let them know that unfortunately the nature of the incident means some personal customer data has been taken.

"Importantly, there is no evidence that this data has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.

"To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log onto their M&S.com account on our website or app, and we have shared information on how to stay safe online."

When logging on to the app, M&S customers do not have an option to refuse resetting their password.

According to Sophos' State of Ransomware in Retail report 2024, 45 per cent of retail organisations were hit by ransomware last year.

On average, 40 per cent of computers in retail are impacted by a ransomware attack, highlighting growing concerns from the sector.

Some 56 per cent of ransomware attacks on retail organisations resulted in data encryption, a considerable drop from the 71 per cent reported in 2023 and 68 per cent in 2022.

Vivek Dodd, CEO at Skillcast, said: "In the wake of any cyberattack, especially one that severely disrupts operations, it’s easy to hone in on the technical failings. But the real damage is often to trust, particularly when the attack causes widespread public concern.

"Retailers who lead with transparency, and make the immediate decision to put people first - by issuing a public apology, prioritising customer communication and taking clear action to protect consumer data - are the ones which will fare the best in times of crisis.

"When systems go offline, empathy can be as powerful as any firewall.

"Today’s retailers operate in a rapidly shifting threat landscape and everyday reliance on interconnected systems, remote workforces and AI-driven tools has expanded the attack surface dramatically.

"Sophisticated attacks can exploit minor gaps and cause widespread disruption, and even the smallest vulnerability can open the door to large-scale disruption.

"True cyberresilience isn’t just about having firewalls and backups, it’s about preparing for operational continuity and effective response when defences fail."