- M&S confirms that customer information was taken following a cyber attack
- The attack caused significant disturbances
- Online commands are always affected weeks later
In a letter to customers, the retail giant Marks and Spencer revealed that personally identifiable information (PII) has been stolen by cybercriminals. This follows the cyber attack that struck M&S which forced the company to deactivate the online purchase orders, click and collect and contactless payments in certain stores.
A statement, published on LinkedIn, confirms that “unfortunately, some personal information from customers has been taken”, but that “above all, there is no evidence that the information has been shared and do not understand the usable card or payment details, or passwords of the account, so it is not necessary for customers to take action.”
Online orders are always suspended for the purchase site and a certain availability of products has been assigned. The incident, which seems to have been a ransomware attack, put the systems offline and caused an undeniable disturbance to the exploitation of the retailer.
Continuous disturbance
Return customers will be invited to reset their passwords on the M&S online site the next time they will visit “to give customers an additional piece of mind”, and the company has assured customers that it “works 24 hours a day to bring things to normal” for its customers.
“The attack on M&S is another brutal reminder that the ransomware gangs evolve faster than the traditional defenses can face,” explains Camellia Chan, CEO and co-founder of the Cybersecurity Society of the X-Phy.
“Prevention must be integrated from zero.
If someone is concerned, his data may have been taken, we recommend that you use a dark web surveillance service or to use a violation instructor, as I had been PWAD to check the potential exhibitions.
