Marks & Spencer Group Plc said some personal customer data was
stolen by hackers as the British retailer continues to investigate and manag
e a highly-damaging “cyber incident.”
The stolen data does not include “useable payment or card details” and the
re is no evidence it has been shared, the food, clothing and homewares group s
aid Tuesday. Customers do not need to take any action but will be prompted to res
et their passwords when they log into the retailer’s website, it said.
M&S said it’s working closely with cyber security experts and law enfo
rcement as it tries to recover from the “sophisticated nature of the incident.”
Shares of M&S were up 0.8% at 8:45 a.m. in London, after closing at the lo
west level since March 26 on Monday.
The company first announced it had been targeted by hackers on April 22. S
See more beautiful photo albums Here >>>
ome of its systems were infected with ransomware, which encrypts files stored
on computers so they cannot be used. In the aftermath, M&S stopped accepting co
ntactless payments and shut down online orders, and its website is still not working for transactions.
A cybercrime gang has taken credit for a disruptive campaign of attacks
on UK retailers, with the Co-op Group and luxury department store Harrods Ltd. a
lso targeted. Supermarket chain Co-op said this month hackers were able to ex
tract customer data from one of its systems during the recent attack.
A spokesperson for the gang, known as “DragonForce,” told Bloomberg that it
carried out the attacks with partners to extort money from victims.