MORE than 1000 Scots have joined legal action being taken against Marks and Spencer following a cyber attack.
According to reports from STV, Thompsons Solicitors have launched a class action lawsuit against the retailer following cyber attacks in April, which saw millions of customers' personal data stolen.
The action will allow those affected by the data breach to claim compensation as a collective, rather than pursuing individual claims.
M&S has admitted that the incident was caused by “human error” and said it could cost the firm up to £300 million.
Senior Thompsons partner, Patrick McGuire, told STV that the lawsuit is still in its early stages but “more and more people” have approached the firm.
He said: “What that shows is how strongly Marks customers feel about that incident. They are upset, distressed and angry at the way the company treated them, the way it’s been almost brushed under the carpet.
“Unless M&S can show they had absolutely nothing to do with the loss, that they could’ve done nothing else to prevent the loss from happening, they are liable in law to pay compensation.
“That’s clearly the case in this incident; they did not do enough, they did not have robust enough systems, they are legally responsible.”
McGuire said in a statement to The National: “The level of engagement from the public with this class action has been huge. It is the fastest growing case we have ever handled.
“The public are furious with M&S, who they saw as a trusted brand while the hackers saw them as an easy target.
“The failure to protect our clients' valuable data has led to many already being targeted by organised criminals.
“I expect this case to continue to grow and we will make sure our clients get proper compensation for this huge breach of trust.”
Thompsons have represented clients in previous data breaches, including Arnold Clark and the University of the West of Scotland.
An M&S spokesperson told The National: "We wrote to our customers as soon as we could in relation to their personal data, making clear that no useable card or payment details or account passwords had been extracted during the cyber incident, and that there was no evidence that any customer data had been shared, which we continue to monitor and remains the case.”
