Some customer data stolen in cyberattack, M&S reveals

(Sharecast News) - High street stalwart Marks & Spencer revealed on Tuesday that customer information was stolen in the cyberattack that hit operations three weeks ago. The company, which still has a pause on all online orders and its click and collect service since the cyber incident was first reported on 22 April, said the "some" of customers' personal data was taken by hackers "due to the sophisticated nature of the incident".

"Importantly, the data does not include useable payment or card details, which we do not hold on our systems, and it does not include any account passwords," M&S said in a statement.

However, the company said there is no evidence that this data has been shared, and told customers that no action was needed.

"For extra peace of mind, they will be prompted to reset their password the next time they visit or log onto their M&S account and we have shared information on how to stay safe online," the retailer said.

Shares in the high street firm, while up 1% on Tuesday, have fallen by around 15% since the incident was first reported.