M&S reveals customers’ personal information was STOLEN in major cyber attack update

We are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken,

the company said in a statement on Tuesday

Importantly, the data does not include useable payment or card details, which we do not hold on our systems, and it does not include any account passwords,

M&S said in its statement

You do not need to take any action, but you might receive emails, calls or texts claiming to be from M&S when they are not, so do be cautious

In an email to customers, M&S operations director Jayne Wall said

Any attack by our software on critical infrastructure, hospitals where patients, children, and the elderly are kept, or on the countries of the former Soviet Union, is a PROVOCATION [sic] by unscrupulous partners.

A statement which claimed to be from the group, released at the end of last month, read

We, as regulators, are doing our best to counteract this, and we will punish any violations, as well as assist in solving the problems of the affected parties.

It added

Importantly, there is not evidence that the information has been shared

he added

To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online,

he said