Marks and Spencer Group has begun notifying customers that hackers accessed some of their data in an April cyberattack. The British retailer said the information does not include “usable payment or card details,” which it does not store on its own systems, nor any password information. The details taken are names, addresses and order histories.
Customers are however prompted to reset their passwords the next time they visit M&S online or attempt to log in to their accounts.
Since the retailer’s IT systems were hit by a ransomware attack over the Easter weekend, it has not been taking online orders. The availability of some products in its stores has been affected after it took some of its systems offline in response.
The company said on Tuesday that it now realized that some customer data had been accessed but this did not include usable payment or card details, or any account passwords.
M&S said personal information had been accessed because of the “sophisticated nature of the incident”. It however, did not say how many customers had been affected.
“Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken,” the company said.
“Importantly, the data does not include usable payment or card details, which we do not hold on our systems, and it does not include any account passwords. There is no evidence that this data has been shared.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
