UK retailer Marks & Spencer has suffered a cyberattack that has been adversely affecting for at least a month, with effects expected to continue for another two months.
The breach is expected to cost the company about 300-million pounds in lost profits this year.
A note from Jayne Wall, who looks after customer service at M&S, assures customers that the company has taken steps to protect systems and engaged cyber security experts.
“We also reported the incident to relevant government authorities and law enforcement, who we continue to work closely with,” she writes.
While some personal customer data has been taken, she stresses that there is no evidence that it has been shared. The personal data could include contact details, date of birth and online order history.
“However, importantly, the data does not include useable card or payment details, and it also does not include any account passwords.”
Wall urges customers to be wary of emails, calls or texts claiming to be from M&S. “Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password.”