Skip to main content

Marks & Spencer hacks itself: Personal customer information visible to all

So, you know how high-profile data breaches have been in the news quite a lot recently, resulting in various executives coming for a fair amount of stick? Just think TalkTalk (opens in new tab) and Ashley Madison (opens in new tab) for some prime examples.

With the Ashley Madison breach specifically, hackers stole the information and posted it online for the world to see. Marks and Spencer, it seems, has decided to make life easier for the hackers and has done their job for them.

Of course I'm sure that's not actually the case, but the result is the same. M&S customers have reported seeing other people's personal information - including addresses and past orders - when trying to log in to their own accounts to register for a new 'Spark' rewards card.

M&S has confirmed that is it suffering from "technical difficulties" with a spokesperson saying: "We're currently experiencing some technical difficulties and have temporarily suspended our website whilst we investigate this thoroughly. We're working hard to fix this and will update as soon as we can."

Facebook users have been posting their disbelief and ITV News - which broke the story - picked out a couple in its report. Shopper Debbie Dilks said: "I have just found the name address email address date of birth and mobile and land line number of a lady I have never met. This is appalling"

Vanessa Frost was another angry customer, saying: "There seems to have been a data breach on your M&S website - if I log into my account on there it brings up another person's details - this is happening to loads of people."

Image: M&S (opens in new tab)

Sam Pudwell
Sam Pudwell

Sam is Head of Content at Red Lorry Yellow Lorry, and has more than six years' experience as a reporter and content writer, having held the positions of Production Editor, Staff Writer, and Senior Business Writer at ITProPortal.