arrow - Fotolia

M&S data breach forces retailer to temporarily suspend service

A glitch that allowed online customers to see each others' details forced retailer Mark & Spencer to take its website offline while it resolved the issue

Retailer Marks & Spencer was forced to suspend its website earlier this week (27 October 2015) as customers saw the details of other consumers when logging in.

Customers logging in to pay for goods could see other customer’s personal details – including their names and orders made.

The retailer has admitted the fault was due to a technical difficulty, as opposed to forced third-party access.

“We can confirm that around 800 people were affected by a technical issue that led to us temporarily suspending our website on Tuesday evening,” a spokesperson for Marks & Spencer said:

“We have now written to the customers affected to apologise and to assure them that their financial details are safe.

No financial information was exposed, but customers may have been able to see the last four digits of a registered card and recent orders.

The retailer claimed those affected were contacted, although it was not certain whether all of those with M&S accounts were informed.

Although there will be no financial implications for customers, the fault has flagged concern over how large companies handle customers' data.

The IT glitch came at a time of year when retailers are gearing up for peaks in customer demand through e-commerce and mobile sites ahead of Black Friday and Christmas.

Marks and Spencer was only forced to take down its website for a few hours while it fixed the problem, and the website had returned to normal by the following day.

But retailers often rely on the period following Hallowheen to boost online sales, and any problems encountered can lead to customers shopping elsewhere, which can be detrimental to retailers.

Marks and Spencer is not the only high-profile security faux pas to take place at the tail end of 2015, with TalkTalk suffering a third-party data breach, thought to have exposed the details of up to four million customers.

Read more about data security

  • Information security professionals need to start really caring about security and ensuring the suppliers and businesses do the same, according to a security researcher.
  • Most companies take reasonable steps to protect their networks from virus attacks, but one area of vulnerability that is often overlooked is infection from employees’ home networks.

 

Read more on Privacy and data protection