A cybersecurity expert has issued advice to all customers of Marks & Spencer and the Co-op after the supermarket giants were the subject of data breaches by hackers
A cybersecurity expert has offered crucial advice to Marks and Spencer and Co-op shoppers in the wake of the retailers’ data breach. M&S had to halt its online ordering system on April 22 following the incident, but assured customers that no immediate action was required on their part.
The disruption also led to a markdown of certain food items in stores, and it later came to light that hackers may have pilfered personal details from customers during the breach, potentially including contact details.
On May 2, meanwhile, a Co-op spokesperson disclosed that they were still facing “sustained malicious attempts by hackers to access” their systems. “This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA,” they commented, after revelations that the same cybercriminals had taken responsibility for both attacks.
In response to these events, TikTok’s MyCyberTips has posted a video outlining steps for individuals to check if their data has been compromised – and what actions to take subsequently.
“If you’ve been receiving a lot of spam emails recently, you can see if your email address was involved in the M&S or Co-op data breach,” he began in a video. He went on to instruct viewers to visit HaveIBeenPwned.com, where entering your email address can confirm whether it has been compromised.
“If you have been hacked, hold down on the [spam] email [on your phone] and do ‘Block Sender’, and this will stop the person sending emails to you,” he recommended.
The expert then urged users to take immediate action if their personal data is compromised, stating: “Also, if your data has been stolen, make sure you change your password and set up multifactor authentication. You can even go one step further and set up spam filtering links on your email.”
To shield themselves from unsolicited emails, the cybersecurity guru advised individuals to utilise ‘Blocking and Filtering’ settings, where entering the sender’s email address ensures future correspondences are rerouted directly to the Spam folder.
And in a last warning to customers of the two supermarket giants, MyCyberTips concluded: “The final thing is do not click on ‘Unsubscribe’ links with these emails. What it shows them is your email address is active and so they’re likely to spam you even more because they know that this is a legitimate email address.”
What to do if your information is stolen
- Change your passwords immediately
- Set up two-factor authentication when possible
- Be mindful of spam emails that come into your inbox
- Introduce spam and scam filters where needed
The latest statement regarding the incident by M&S Chief Executive, Stuart Machin, read: “As we continue to manage the current cyber incident, we have written to customers today to let them know that unfortunately, some personal customer information has been taken. Importantly, there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.
“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.
“Everyone at M&S is working around the clock to get things back to normal for our customers as quickly as possible, and we are very sorry for any inconvenience they have experienced. Our stores remain open as they have throughout. Thank you for shopping with us and for your continued support, we are incredibly grateful.”
Meanwhile, the Co-op said in it’s latest statement on May 14: “Following the malicious third-party cyber-attack, we took early and decisive action to restrict access to our systems in order to protect our Co-op.
“We are now in the recovery phase and are taking steps to bring our systems gradually back online in a safe and controlled manner.
“In our Food business:
-
“There will be improved stock availability in our Food stores and online from this weekend and we are working closely with our suppliers to restock our stores.
-
“Our stock ordering system is now fully online, and we have switched all our orders back to the normal supply processes and systems.
-
“All forms of payments including contactless, and chip and pin are working across our entire store estate.
“We’d like to thank all our colleagues, members, partners and suppliers for their support so far. We will provide further updates to our members as we continue to make progress from this cyber-attack.”
