Getty ImagesMarks and Spencer customers have been urged to “stay vigilant” for scams and fraud after the retailer confirmed some personal data had been stolen in a cyber attack on the firm.
The warning comes as the retailer struggles to resume normal operations weeks on from the original hack.
M&S has struggled to grapple with the fallout of the attack and retail experts have said it is likely to lead to a significant profit hit.
What data has been stolen?
Personal data that could have been accessed includes names, email addresses, postal addresses and dates of birth, according to M&S.
But the group stressed the data does not include payment or card details, or account passwords and is not believed to have been shared online.
The high street chain did not say how many shoppers had been affected but has emailed all website customers to alert them about the data breach.
It had 9.4 million active online customers in the year to March 30, according to its last full-year results.
What should I do if I’ve been affected?
Chief executive Stuart Machin told shoppers there is “no need for customers to take any action”.
In a social media post, Mr Machin said: “We have written to customers today (Tuesday) to let them know that unfortunately, some personal customer information has been taken.
“Importantly there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.”
When can I order online from M&S again?
The group has not been able to take any orders through its website or app since April 25 as it tries to resolve the problem, although all stores remain open.
M&S first reported the issue over the Easter weekend, with the incident initially causing problems for the retailer’s contactless payments and click and collect orders, while it has also impacted some availability in stores after it took some of its systems offline in response.
While M&S shoppers are still unable to buy online, it was able to restart contactless payments in store fairly quickly and said customers can now take online order returns to stores.
Who is behind the attack?
A hacking group operating under the name Scattered Spider has been linked to the ransomware attack, according to reports.
The group is notorious in the online criminal world for targeting large companies and breaching their data.
It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system.
Are any other retailers affected?
On May 2, the Information Commissioner’s Office said it was also looking into the attack, as well as a similar major incident involving the Co-op.
The Co-op has also apologised to customers after hackers accessed and extracted members’ personal data, such as names and contact details, while it too has suffered availability problems as a result of the attack.
Luxury department store Harrods also confirmed earlier this month it had been affected by an attempted hack and had temporarily restricted internet access across its sites as a precautionary measure.
The National Crime Agency has said it is investigating the attacks individually but is “mindful they may be linked”.
Follow STV News on WhatsApp
Scan the QR code on your mobile device for all the latest news from around the country
