Marks & Spencer's popular Click & Collect service has fallen victim to a sophisticated cyber attack, potentially exposing customers' personal and payment details. The retail giant has confirmed unauthorised access to its systems, with hackers targeting online orders placed for in-store collection.
What Happened?
The breach occurred over a 48-hour period, during which cyber criminals gained access to customer names, contact details, and partial payment information. While full credit card numbers weren't compromised, security experts warn this data could still be used for phishing scams and identity theft.
Customer Warning
M&S is urging all customers who used Click & Collect between [insert dates] to:
- Check bank statements for suspicious activity
- Be wary of unexpected emails or calls requesting personal information
- Change online account passwords immediately
- Report any fraudulent transactions to their bank
Company Response
A spokesperson for Marks & Spencer stated: "We've taken immediate action to secure our systems and are working closely with cybersecurity experts and authorities. The safety of our customers' data remains our top priority."
The retailer has temporarily suspended parts of its Click & Collect service while investigations continue. Customers are being contacted directly if their data was affected.
Growing Retail Threat
This incident highlights the increasing risk to major retailers from cyber criminals. Just last month, [competitor] faced similar attacks, signalling a worrying trend in the sector. Cybersecurity analysts recommend:
- Using unique passwords for each online account
- Enabling two-factor authentication where available
- Monitoring credit reports for unusual activity
M&S has set up a dedicated helpline for concerned customers and promises to provide updates as more information becomes available.
