Marks & Spencer has revealed that customer personal data has been taken by hackers after the retail giant was hit by a damagingcyber attack.
Chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident” but stressed that this does not include payment or card details, or account passwords.
"Importantly, there is not evidence that the information has been shared," he added.
In a social media post, Mr Machin said there is “no need for customers to take any action”.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online,” he said.
The high street chain did not say how many customers had been affected.
M&S has struggled to grapple with the fallout of the hack and retail experts have said it is likely to lead to a significant profit hit.
The group's annual results on May 21 will be watched closely for any update on the financial impact.
M&S has not been able to take any orders through its website or app since 25 April as it tries to resolve the problem.
The incident first caused problems for the retailer’s contactless payments and click and collect orders, while it has also impacted some availability in stores.
A hacking group operating under the name Scattered Spider has been linked to the attack, according to reports.
The Metropolitan Police confirmed it was called in relation to the attack, with detectives from the force’s cyber crime unit launching an investigation which remains ongoing.
The retailer is also working with experts from both the National Crime Agency and the National Cyber Security Centre, with the former telling The Independent that the two groups were working “to better understand the incident and support the company”.
On 2 May, the Information Commissioner's Office said it was also looking into the attack, as well as a similar major incident involving the Co-op.
The Co-op has also apologised to customers after hackers accessed and extracted members' personal data, such as names and contact details, while it too has suffered availability problems as a result of the attack.
Luxury department store Harrods also confirmed earlier this month it had been affected by an attempted hack and had temporarily restricted internet access across its sites as a precautionary measure.
What to do if you fear your details have been accessed in a cyber attack
What is a sim-swap? How you could be targeted by the fraud used to hack M&S
Over 19 billion passwords hacked in security crisis – how to find if yours is exposed
Wave of retailer hacking incidents ‘a wake-up call’, minister to say
Inside Bradley Wiggins’ tragic fall from Olympic hero to functioning cocaine addict
Landscape that inspired Brontë sisters’ books made a nature reserve
