UK retailer Marks & Spencer (M&S) on Tuesday revealed that customer information was stolen in a disruptive cyberattack that occurred over the Easter holiday.
The incident forced the retail giant to suspend online purchases, which remain unavailable. The attack was claimed by the DragonForce ransomware group, which also targeted Co-op and Harrods.
“Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken,” M&S says in a fresh filing with the London Stock Exchange.
The compromised information includes names, addresses, email addresses, phone numbers, dates of birth, online order history, household information, and ‘masked’ details of the payment card used for online purchases, M&S says in a notice on its website.
For individuals who have or had an M&S credit card or Sparks Pay, customer reference numbers may have been compromised as well.
“Importantly, the data does not include usable card or payment details,” M&S notes, pointing out that it does not store full payment card details.
The company says it has reset user passwords, notifying customers that they would be prompted to choose a new password when accessing their M&S.com accounts.
“Importantly, there is no evidence that this data has been shared and it does not include usable card or payment details, or account passwords, so there is no need for customers to take any action,” the retailer says.
However, it also warns customers that they may receive fraudulent emails, calls, or text messages impersonating M&S, urging them to treat such communication with caution and to never share their personal account information or passwords.
“The exposed personal details will likely be used or sold on the dark web to aid social engineering attacks. With this kind of context, attackers can craft convincing, tailored scams that appear legitimate, from fake delivery updates to bogus account notifications. We often see this kind of breach followed by a wave of personalized phishing attempts. Anyone with an M&S account should be extra cautious and stay alert for emails or texts claiming to be from the retailer,” Pistachio CEO and founder Joe Jones said in an emailed comment.
Related: Suspected DoppelPaymer Ransomware Group Member Arrested
Related: Ukrainian Nefilim Ransomware Affiliate Extradited to US
Related: Ahold Delhaize Confirms Data Stolen in Ransomware Attack
Related: Kidney Dialysis Services Provider DaVita Hit by Ransomware