The renowned British retailer reported that personal customer information may have been compromised and is now working with authorities to address the situation.
Marks & Spencer Faces Cybersecurity Breach Exposing Customer Data
Marks & Spencer Faces Cybersecurity Breach Exposing Customer Data
The significant cyberattack on M&S has temporarily halted online orders and has raised concerns regarding customer data security.
Marks & Spencer (M&S), a leading British retail chain, announced on Tuesday that a cyberattack last month had led to the theft of certain customer data, disrupting its ability to process online orders for an extended period. According to a communication sent to customers, the breach may have exposed personal information such as contact details and birth dates, though M&S clarified that no card, payment information, or account passwords were compromised.
With reported annual revenues exceeding £13 billion (about $17.2 billion) for the year ending March 2024, M&S is taking the incident seriously, having alerted government and law enforcement agencies. The breach comes amidst a worrying trend of cyberattacks targeting British retailers. Just last month, luxury department store Harrods faced brief disruptions in service, while Co-op reported limited effects on back office and call center operations due to a cyber incident.
Growing concerns surround ransomware attacks, which threaten not only to steal sensitive data but also disrupt critical services. For instance, in a related incident last year, hospitals in the U.K. were severely impacted, leading to the cancellation of over 800 operations, along with significant rescheduling of outpatient appointments, including critical cancer treatments.
The specific perpetrators behind the recent string of attacks remain unknown, and their possible connections are still being investigated. In response to this situation, the National Cyber Security Center (NCSC) has stated that they are collaborating with the affected companies to assess the nature of these attacks and offer guidance to safeguard against future incidents.
Richard Horne, CEO of the NCSC, emphasized the need for organizations to treat these cybersecurity breaches as a critical warning, urging them to implement robust preventive measures to defend against similar threats in the future.
