Business correspondent and Internet correspondent, BBC News
BBCMarks & Spencer revealed that some customer personal data were stolen in the last cyber attack, which can include phone numbers, home addresses and birth dates.
The High Street giant said that the personal information captured can also include the date of online requests, but added that the theft of data did not include batches or card details suitable for use or any account passwords.
M&S was subjected to a cyberspace three weeks ago and struggled to restore services to normal, as applications continue to be suspended online.
The retailer said that he would ask customers to reset the account passwords “for additional peace of mind.”
Continuous problems cost the retail seller 43 million pounds per week from lost sales, according to the analysis of the Bank of America Global Research.
The CEO of M & S Stuart Machin said that the company was writing to customers to inform them that “unfortunately, some customer information was taken.”
“Most importantly, there is no evidence of information sharing,” he added.
However, it is understood that infiltrators can share or sell stolen data as part of their M & S attempts, which still represents the risk of defrauding identity.
The retailer did not reveal the number of his customers who stole their data, but he said that he had sent an email to all users of the site to inform them, and reported the case to the relevant authorities and they were working with cybersecurity experts to monitor any developments.
According to its recent results in the full year, the company had about 9.4 million active customers online in the year until March 30.
Mr. Machin said that M & S “works around the clock to restore things to normal” as soon as possible.
Marx and Spencer was not the only retail that has an electronic accident of this type.
The cooperative, which witnessed a similar attack, is expected to resume online delivery on Wednesday.
Media reports, were martyred for the first time in Al -Gedam magazine says that the retail seller asked suppliers to prepare for online services to resume.
What has been taken?
M & S confirmed that stolen contact information can include:
- name
- date of birth
- phone number
- Home address
- Home information
- Email address
- Date of demand online
The retail seller added that any card -captured card will not be useful because it does not keep details of paying the full card on its systems.
What should you do?
M & S said that people do not need to take any action, but they also said:
- Users will be asked to reset their password for their online account
- Customers should be cautious because they “may receive email messages, calls or texts claiming to be from M&S when they are not.”
- You will never call you M&S and ask for personal account information such as user names or passwords
Lisa Barber, the technology editor in the consumer group that? She said that criminals had been able to access information that can be used in identity fraud.
“It is always good to change your password as soon as possible if there is a safety breach and to ensure that the new password is unique from any other online accounts,” she said.
Matt Hall, president of the threat company at Cyber Security NCC Group, said the attackers who stole personal information can use it to “formulate very convincing fraud.”
“If you are not sure of the email, do not click on any links. Instead, please visit the company’s website directly to verify any claims.”
How did the penetration happen?
The problems in M&S started during the weekend on Easter when customers reported problems with Click & Collection and payments in stores.
The company confirmed that it is dealing with an “electronic incident” while it resumed services inside the store, its requests were suspended on the Internet on its website and its application since April 25.
There is still any word at the time of online appointment.
The M & S ‘advertisement that the customer’s data was stolen as part of the ongoing cybersecurity due to the nature of the attack.
The infiltrators behind it, who recently targeted Co-OP and Harrods used the Dragonforce Crime Service to carry out the attacks.
Dragonforce runs a service for electronic crime on Darknet for anyone to use their malicious programs and location to carry out attacks and blackmail.
The group is known to use the dual blackmail method, which means that they steal a copy of their victim’s data in addition to its stampede to make it unusable.
They can then actually request a ransom for both data removal and delete their copy.
However, if the person or work that has been hacked does not want to pay a ransom, criminals in some cases can start leaking stolen data to other online criminals, who can search for more attacks to gain more sensitive data.
Currently, the DragonForce DARGONNET website does not have any entries about M&S.
“They cost them their wealth”
Jackie Nagton, a business consultant who worked with adult retailers including M & S, Arcadia and Debenhams, told the BBC that the hierarchy in the M & S will take the data breach “seriously”, but it warned of modern retail logistical services “widely complex.”
“I feel they were keeping their powder dry. If they had nothing positive, this does not say anything,” she said.
Ms. Nagon said to all customers who were showing a lot of support and sympathy for the retail seller.
But she added that it is possible that the M & S is a “last week” before she had to provide information about the date of the regular service resumption.
“It costs them wealth,” she said.
The shares in M&S decreased about 12 % over the past month.
