Marks & Spencer has revealed customers’ personal data has been taken by hackers after it was hit by a damaging cyber attack.
The retail giant’s chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident” but stressed that this does not include payment or card details, or account passwords.
In a social media post, Mr Machin said there is “no need for customers to take any action”.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online,” he said.
M&S has been struggling for weeks after hackers, reportedly from the Scattered Spider hacking group, attacked their networks.
Read more: Who are Scattered Spider?
The British retailer was forced to halt recruitment amid the ongoing attack that became apparent on Easter Monday.
Shelves around the country have been bare and customers were unable to shop online.
Agency staff at some distribution centres were also told to stay at home because of the attack.
Last week, an M&S insider told Sky News it could be “months” before the retailer fully recovers from an ongoing, severe cyber attack – and that the company had no plan for such an incident.
An employee at M&S’s head office, who spoke to Sky News on condition of anonymity, said that last week had been “just pure chaos”.
“We didn’t have any business continuity plan [for this], we didn’t have a cyber attack plan,” the source said.
“In general, it’s lots of stress. People have not been sleeping, people have spent their weekends working, people sleeping in the office – just reactive response.”
This breaking news story is being updated and more details will be published shortly.
Please refresh the page for the fullest version.
You can receive breaking news alerts on a smartphone or tablet via the Sky News app. You can also follow us on WhatsApp and subscribe to our YouTube channel to keep up with the latest news.
