UK retailer Marks & Spencer reports that some personal customer data was stolen in a recent cyberattack that has disrupted online services.
The retailer faced a hacking incident three weeks ago. While in-store services have been restored, the company currently remains offline for internet and app-based sales.
In an update to the stock exchange, M&S stated that the stolen customer data includes names, addresses, dates of birth, and order histories. Importantly, the company noted, “The data does not include usable payment or card details, which we do not hold on our systems, and it does not include any account passwords.” They also confirmed that there is no evidence of the data being shared.
M&S has not provided a timeline for the restoration of online services, but customers will need to reset their passwords upon their next login.