M & S customers data stolen

[Zippedydodah]

http://www.bbc.co.uk/news/articles www.bbc.co.uk/news/articles]]]]
Oh great 😵‍💫
I’ve previously had my account fraudulently accessed, was assured it wouldn’t happen again.
One store I won’t be buying from online or in store if they can’t keep our data safe.

i used paypal for a shop which now wont let me return the goods in store! not m and s,

Your data is everywhere ?
m and s us just one place it may be
it was the NHS last year
it will be your bank , hairdressers or school next year

it a crime that has been around for. Years and isn’t going away

id not fret too much about it nothing you can do

someone altered my asda order and changed the delivery address, luckily i noticed!

I'm wondering if this whole thing will be curtains for M&S

Can businesses like theirs get insurance for cyber attacks?

I got an email this morning with the below

“ the nature of the incident means that some personal customer data has been taken, but there is no evidence that it has been shared. The personal data could include contact details, date of birth and online order history. However, importantly, the data does not include useable card or payment details, and it also does not include any account passwords. “

Will be expecting some calls from someone telling me my birthday and that I buy a lot of minimiser bras!

I was prompted to change my password as a precaution but I’m not worried. It’s very annoying how long the website has been down though, and my local M&S is crap for good stock at the best of times. You have to wonder how long they can go on like this…

Good grief!

I doubt any company can keep your data totally safe OP. As technology advances so does the sophistication and skill of hackers. You’ll soon be left behind if you start boycotting businesses based on how much damage they receive from cyberattacks.

For me the issue here would be that my trust has gone down. Both M&S and Co Op seemed to have minimised the issue. Or it certainly begs the question when did M&S know about this?

I’m not fussed about being ‘left behind’, at 71 it really doesn’t bother me.
M&S’s assurances didn’t stop several thousands of pounds being taken from my account (confirmed it was linked by my bank) so their stating they don’t hold full banking details is bullshit.
I also had random articles bought online, from MS, during this period that definitely weren’t purchased by me.

I cancelled my online details with Asda after five separate debits taken from my account on the same day as an online ASDA grocery delivery.

I think they are being overwhelmed with people changing their password. I tried to this morning and it took hours for the re-set email to arrive. When it arrived, the link in it had timed out. I requested a new email… that was hours ago and the email hasn’t arrived yet.

I didn’t get this email, I wonder if they sent it out to the affected users only, or first even.

I have accounts with Co-op and M&S, and freaked out initially (started looking into CIFAS before realising the headaches it would give me when it came to re-mortgaging). I've also lost personal documents in the last 15-odd years and used a lot of probably sketchy websites that I thought were legit.

There's basically nothing you can do and nothing they can do by this point. The information is already out there. Just keep an eye on your credit/financial accounts, and report it if you see something suspicious, then go through the appropriate channels.

It's incredibly distressing and frustrating, but it's just a fact of using the internet these days. You just have to report it ASAP and make sure your bank has your back.

Defeatist as it may sound, I've decided simply not to care because there's sod all I can do to stop it now there's been a breach. In future, I'll be more careful about the details I share. But one day (hopefully a long time yet) I'll be dead and none of this will matter.

FWIW, I've checked my email address on haveibeenpwned.com (recommended by ICO, I think?) and it hasn't been taken so it may just be some data. Admittedly HIBP isn't updated in real-time but will help to keep an eye on things.

Also - surprisingly- I haven't had an email from M&S or Co-op yet...

This happened to me with Fat Face a number of years ago, when they had a data breach. I was really impressed how they handled it. They informed you very quickly and gave you a year's free Experian account for identity theft.

Wish M&S would offer that! I've taken out the Experian "Identity Plus" again - it's £10.99 a month. So it would be nice if M&S offered a coupon to get it free! Experian notify you if anything is taken out in your name. It's the identity theft I worry about more than the email address. If they have your name, address, phone number and date of birth, a fraudster could open all kinds of things in your name!

The news report says the data hasn't been "shared" but the hackers may well decide to share it if M&S doesn't pay their ransom (which I assume they won't and will just try and get it fixed some other way).

Experian alert you if anything new is opened in your name.

I had this email today too

It's actually quite annoying because I was hoping their site would come back up. I know there's not a lot of fans on this board but I was about to stock up on summer T-shirts and various other basic bits. I know what fits me there, etc etc and not sure where else to go.

I could actually go into a London M&S, but that would be a risk with stock levels and potentially a wasted train fare and general hassle.

They're losing £4 million a day or something I think.

I went in to an M & S shop today but all the T shirt stock was in smaller sizes 10s, 12s 14s and a few 16s there was one size 18! Spoke to a member of staff and they said larger sizes tend to be online only!

This is tolerable in normal situations, but as it is not possible to order online, it would be helpful to vary the stock sizes in store.

I got the email too today and changed my password but I don’t agree with the sentiment that you just have to just crack on, get over it and it’s just the times we live in - M&S was at fault in some way and I’m not happy with their security with my details. Local M&S had hardly any stock on shelves yesterday and I think the PR has been shite. Not going to order anything online via them for quite a while, if ever. I’d rather they were honest instead of gaslighting and minimising, I’d respect that much more.

My data has definitely been shared since the hack because scammer calls to my mobile have risen significantly since that point. It’s causing a real problem for me now.

I do think M&S should offer Experian/similar and should have done more to protect our data.

That said... you can get my name and address from the electoral roll (if you really wanted to). My email address and phone number is vulnerable to spam now but I only ever look at emails I expect, and I just block nuisance calls. Date of birth has me concerned - and I wish I'd lied when I signed up - but to open a bank account they'd need my exact address history and my full name which I never use online anyway.

I'm not saying ID theft doesn't happen - it absolutely does and causes huge distress. But to open a bank account in your name, they'd usually need address history, which these hackers probably don't have. To open it under a new address, they'd probably also need proof (like gas bill) with your name on it, and a form of photo ID. They could try to pretend to be you to get access to your bank account, but they'd likely be missing a pass phrase/your mother's maiden name/similar.

I have been anxious about my personal data for years but when you look at it and see that your data is absolutely everywhere, it's quite hard not to resign yourself to it. There's a possibility, if you're like me and have lost things like driving licence in the past, that some nefarious person pieces up all the fragments and pretends to be me - but I'd find out eventually. It's not ideal, and I could do without the stress, but I'm just going to chalk it up to experience.

There are 8+ billion of us in the world, statistically it's very likely our data would be shared. Frustrating, but every time you build a system, there's a computer working to break it. M&S probably couldn't prevent it 100%.

It’s their attitude that got my back up.

Nothing to see here, move along. No need to be concerned. Don’t be silly.

I agree they should offer Experian and also think their data storage wasn't secure enough. On googling, they had an issue some years back where members could see other members details!

I have a habit of never putting my real date of birth when asked to on joining up for something - for security reasons. So I was shocked to see it was actually my real date of birth on the M&S account. And I'm wondering why - there must have been something on their sign up process that meant you couldn't put a fake date of birth. But if they have ALL THAT DATA - your name, phone number, email, address and date of birth, all on their server storage, they should absolutely have had had much more secure systems (like not keeping DOB on the same system as name and address and like ENCRYPTING it!). Sorry for the capitals! It annoys me. They may well get fined by the ICO. I read today they were claiming 100 million from their insurance company. Maybe to cover any possible fines!

The email I received yesterday - about 3 weeks since it happened, and the first notification I had, was lazy and inappropriately worded. Ending with a standard phrase about apologising for any inconvenience. It is much more than that. They should be apologising profusely and offering more support - like Fat Face did with offering Experian.

Mind you I did see a funny post on another site entitled "This is not just Cyber attack - this is an M&S cyberattack" - maybe should be "This is not just any cyber attack, this is an M&S super duper cyber attack with jelly beans! 😂

My data was clearly taken as I've had a rapid increase in texts/phone calls from scammers in the last several weeks

Same here.

They didn’t actually offer anything other than a half-hearted apology. Knowing their customers would have taken time out of their busy day to read this apology and knowing they’d albeit inadvertently leaked our data, a small value gift voucher would have gone a long way towards appeasing their customers.

They probably couldn't even send a gift voucher by email in case people thought it was a scam 😂

But yes it does show a kind of disdain for customers - who trusted them to be secure! It isn't their fault - but they had weaknesses somewhere for it to happen. I believe Harrods managed to block it.