M&S says customer data was stolen in cyber attack – Daily Business

Marks and Spencer has confirmed that some personal consumer data was stolen in last month’s cyber attack.

The retail group says the data does not not include useable payment or card details, which it does not hold on its systems, and it does not include any account passwords.

“There is no evidence that this data has been shared,” said M&S in an update on the incident on 22 April which caused huge disruption to its online operations.

It said that as part of its “proactive management” of the incident, “we have taken steps to protect our systems and engaged leading cyber security experts.

“We have also reported the incident to relevant government authorities and law enforcement, who we continue to work closely with.

“Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken.

“Importantly, the data does not include useable payment or card details, which we do not holdn our systems, and it does not include any account passwords. There is no evidence that this data has been shared.

“We have said to customers that there is no need to take any action. For extra peace of mind, they will be prompted to reset their password the next time they visit or log onto their M&S account and we have shared information on how to stay safe online.

“We remain grateful for the support that our customers, colleagues, partners and suppliers have shown us during this time.”