M&S says customers’ personal data taken by hackers

Marks & Spencer has revealed customers’ personal data has been taken by hackers after it was hit by a damaging cyber attack.

The retail giant’s chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident” but stressed that this does not include payment or card details, or account passwords.

The high street chain did not say how many customers had been affected.

In a social media post, Mr Machin said there is “no need for customers to take any action”.

“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online,” he said.

M&S has been struggling for weeks after hackers, reportedly from the Scattered Spider hacking group, attacked their networks.

The British retailer was forced to halt recruitment amid the ongoing attack that became apparent on Easter Monday.

Shelves around the country have been bare and customers were unable to shop online.

Agency staff at some distribution centres were also told to stay at home because of the attack.

Last week, an M&S insider told Sky News it could be “months” before the retailer fully recovers from an ongoing, severe cyber attack – and that the company had no plan for such an incident.

An employee at M&S’s head office, who spoke to Sky News on condition of anonymity, said that last week had been “just pure chaos”.

“We didn’t have any business continuity plan [for this], we didn’t have a cyber attack plan,” the source said.

“In general, it’s lots of stress. People have not been sleeping, people have spent their weekends working, people sleeping in the office – just reactive response.”