Marks and Spencer customer details leak
Marks and Spencer was forced to shut down its website for two hours on Tuesday night, after customers noted that they could see other people’s details when logged into their own accounts.
The issue was apparently due to what an M&S spokesperson described as “a technical issue.” Names, dates of birth, previous orders and payment details were momentarily shown, although credit card details were not exposed during the error.
The firm said it pulled the plug on the website “to thoroughly investigate and resolve the issue and quickly restore service.”
Keith Poyser, managing director (EMEA) of cloud security firm Accellion said that M&S’ technical error signals a larger issue with cyber security in the UK:
“The extent of the damage in Marks & Spencer’s security breach may be unknown, but what we do know is that every organisation needs to take cyber security and data leak prevention more seriously,” commented Poyser. “From Sony to TalkTalk, this issue continues to rear its ugly head, yet cyber security is still not ingrained at every level of UK organisations’ cultural mindset.”