M&S data breach forces retailer to temporarily suspend service

Retailer Marks & Spencer was forced to suspend its website earlier this week (27 October 2015) as customers saw the details of other consumers when logging in.

Customers logging in to pay for goods could see other customer’s personal details – including their names and orders made.

The retailer has admitted the fault was due to a technical difficulty, as opposed to forced third-party access.

“We can confirm that around 800 people were affected by a technical issue that led to us temporarily suspending our website on Tuesday evening,” a spokesperson for Marks & Spencer said:

“We have now written to the customers affected to apologise and to assure them that their financial details are safe.

No financial information was exposed, but customers may have been able to see the last four digits of a registered card and recent orders.

The retailer claimed those affected were contacted, although it was not certain whether all of those with M&S accounts were informed.

Although there will be no financial implications for customers, the fault has flagged concern over how large companies handle customers' data.

The IT glitch came at a time of year when retailers are gearing up for peaks in customer demand through e-commerce and mobile sites ahead of Black Friday and Christmas.

Marks and Spencer was only forced to take down its website for a few hours while it fixed the problem, and the website had returned to normal by the following day.

But retailers often rely on the period following Hallowheen to boost online sales, and any problems encountered can lead to customers shopping elsewhere, which can be detrimental to retailers.

Marks and Spencer is not the only high-profile security faux pas to take place at the tail end of 2015, with TalkTalk suffering a third-party data breach, thought to have exposed the details of up to four million customers.