- M&S confirms that customer information has been taken after a cyber attack
- The attack has caused significant interruption
- Online orders are still affected weeks later
In a letter to customers, the retail giant Marks and Spencer have revealed that personal identification information (PII) has been stolen by cybercriminals. This follows the cyberattack that reached M&S that forced the company to disable online purchase orders, click and collect, and contactless payments in some stores.
A statement, published on LinkedIn, confirms that “unfortunately, certain personal client information has been taken,” but “it is important that there is no evidence that the information has been shared and does not include details of cards or usable payments, or accounts passwords, so there is no need for customers to take any measure.”
Online orders are still suspended for the shopping site, and some availability of products has been affected. The incident, which seems to have been a ransomware attack, was offline and caused an undeniable interruption in the retail operation.
Continuous interruption
Customers will be asked to return to restore their passwords on the M&S online site the next time they visit “to give customers a mental part”, and the company has assured customers that it is “working throughout the clock so that things return to normal” for their customers.
“The attack on M&S is another marked reminder that ransomware gangs are evolving faster than traditional defenses can face,” says Camellia Chan, CEO and co-founder of the cyber security firm of the X-Phy.
“Prevention must be built from scratch. Companies need a multi -layer approach that combines hardware level to detect and block the attacks early. This must be combined with a threat detection layer drive employees and employee constant and constant.
If it is someone who has taken their data, we recommend using a dark web monitoring service or using a rape monitor as if they have received me to verify the possible exhibitions.
