26,000 M&S employees hit by personal data theft

Thousands of Marks and Spencer workers could be targets for identity theft after a company laptop theft exposed their personal information. It is thought that 26,000 employees are affected.

The laptop contained employees' salaries, dates of birth, addresses and national insurance numbers as well as their telephone numbers.

The computer was in the care of a printing company which was to write to the employees on the machine regarding their pensions. It was then stolen in a theft that was described as opportunistic rather than planned.

Marks and Spencer has said that if the data falls into the hands of people adept at committing identity fraud, then they are at risk of being impersonated. It told the BBC that it is offering the employees free credit checks.

The theft took place on 18th April and the company wrote to staff two days later. It did not tell them the full extent of the information on the computer unless staff made further enquiries or attended internal meetings.

Marks and Spencer said that it believed that no ID theft had taken place as a result of the security breach.

In response to the theft the National Consumer Council said that it would campaign for legislation either in the UK or the EU that would demand that companies act more quickly to protect employees and customers against ID theft.

In some US states there are laws which demand that a company disclose publicly each data security breach that it suffers. There is no such law in the UK and the Information Commissioner, who oversees the implementation of privacy legislation in the UK, has stopped short of calling for the introduction of one.