Marks & Spencer, the British retail company, verified on Tuesday that hackers had accessed their customers' personal data following a cybersecurity breach the previous month.
The firm stated in a brief statement released via the London Stock Exchange stating that an undisclosed quantity of client data was compromised in the security breach.
Below is what we understand and what remains unknown regarding the hacking incident, along with steps for impacted consumers to safeguard their information.
What was taken?
The firm stated that during the incident, names, addresses, telephone numbers, along with incomplete credit card details, might have been obtained.
The number of potentially impacted customers remains uncertain, however, according to their latest annual report from March 2024, the firm reported having 9.4 million online clients.
Who is at risk?
Although M&S states that passwords and payment information were not compromised, the firm has cautioned that the stolen data might lead to further security threats.
"Although it’s comforting that payment card and account data do not seem to have been compromised in the M&S cybersecurity breach, it is worrying that perpetrators have managed to obtain information which could potentially be exploited for identity theft," stated Lisa Barber, tech editor at consumer advocacy organization Which?.
What steps can individuals take to safeguard their information?
Initially, update the passwords associated with your M&S account and also modify the ones used across other platforms if they match, making sure each online account has a distinct password.
"M&S customers should keep an eye out for fraudsters who might use the data breach as a chance to reach out pretending to be genuine bodies," Barber stated.
She also cautioned that any unexpected communication should be viewed with skepticism, particularly if someone requests you to confirm account details or payment information, she warned.
Finally, avoid sharing any personal information over the phone or through emails, and reach out to the company directly to verify if it’s really them.
Who is accountable for the M&S incident?
A group known as DragonForce allegedly claimed responsibility for the cyber-attacks on multiple UK stores, such as Marks & Spencer, based on certain reports from British media outlets.
Harrods and the grocery chain Co-op were similarly affected when M&S experienced a data breach at around the same time.
Last week, according to a report by the BBC, DragonForce asserted that they possessed personal data belonging to 20 million individuals who enrolled in Co-op’s member database.