- M&S suffered a cyber attack that affected click and collection systems
- The stores were not largely affected, except that some contactless payment systems are disabled
- It is not yet clear if customer data is affected
Marks and Spencer (M&S) have suffered a “cyber incident” that has affected stores in recent days, which has resulted in “small changes” to store operations to protect customers “and business.”
The retailer confirmed that the click and collection services were affected by technical problems as a result, and some stores could not process the contactless payments. It is not yet clear if this incident has resulted in violated data from customers or employees, or if this was a ransomware attack, but customers must ensure change their passwords and be attentive to a suspicious activity in case.
The retail giant has apologized for any inconvenience, and ensures that he is working with “the best experts” to administer the incident, this is what we know so far.
Business as usual
In a note for customers, the executive director of M&S, Stuart Machin, apologized, confirming that the stores remain open, and the website and the application of the retailer are operating as usual.
“It is not necessary to take any action at this time, and if the situation changes, we will notify you. There may be some limited delays in your order of click and collection, which we are working hard to solve,” Machin writes.
The retail industry is a frequent objective for cyber attacks, often with personal identification information, such as names, email addresses and customer shipping addresses. Criminals who can take control of systems can cost retail companies in time of inactivity, which obtains severe leverage in ransomware incidents.
M&S has confirmed Techradar Pro All contacts without contact now are online again in all stores, and that has seen “positive comments of customers that thank us for our transparency and for the support of colleague of the store.”
In 2024, a supply chain attack hit some of the largest groceries in the United Kingdom, Morrisons and Sainsbury’s, as well as the Starbucks cafeteria, which carry some out -of -line systems in a ransomware attack that saw more than 680 GB of stolen data.
For those affected
Marks and Spencer have not confirmed the nature of this incident, and so far no group of cyber crimes has assumed the responsibility of the incident, nor have they published online client data.
That said, customers would be wise to take some steps in the next few days to be on the same side and get ahead of any impact if their information has been affected.
In an incident like this where it is not clear what, if any, the data has been affected, the first thing to do is change their password and any other site with the same credentials. We have gathered a guide on how to create a safe password to ensure that it is as sure as possible.
The next step, and probably the most important, is to stay attentive. With his name and email address, a criminal can send sophisticated social engineering attacks, intended to deceive him to deliver more information or discharge malware.
Be sure to verify double unexpected communication and email addresses, especially cross reference against legitimate email addresses (these can be found in Google).
Be careful especially with any email to ask you to enter any information, click on a link or scan a QR code. Phishing attacks using QR codes are increasingly common and are more dangerous than ever, so make sure everything you scan be verified in advance.
If a criminal sends an email, most likely there are signs. The first is the email address from which communication comes: if it is G00GLE or M1Crrosoft instead of its legitimate addresses, simply eliminate email. If you receive a text message, email or unexpected phone call from anyone who claims to be a “friend”, of a number or address that does not recognize, especially one that asks you to log in, send money, buy a gift card, be very suspicious.
You may also like
