M&S shuts down website as customer details are revealed
MARKS & Spencer had to suspend its website for two hours because customers were able to see other people’s details and orders.
The systems failure is the latest evidence as to how household name companies are failing to offer shoppers the online security they expect.
The retailer apologised but stressed that no bank or debit card details were compromised by the ‘internal technical problem’ on Tuesday night.
However, that did not satisfy customers who took to social websites to highlight their shock at being able to see other people’s orders, with some claiming they could see payment details.
Debbie Dilks from Worthing, West Sussex, said: ‘I have just found the name, address, email address, date of birth and mobile and landline number of a lady I have never met. This is appalling.’ Debra McLoughlin, from Manchester, said she was ‘worried’ after getting someone else’s details showing on her account. She added: ‘Hope M&S not going the same way as TalkTalk.’
Security expert Phil Barnett of Good Technology said: ‘Recent examples like Sony and TalkTalk have proved that anyone and everyone is a potential victim of hacks and data leaks. Marks & Spencer’s proves that customer data breaches are real threats and have serious consequences.’
An M&S spokesman said customers may have been able to see the last four digits of another person’s payment card ‘for a brief moment’, but other information was encrypted.
She added: ‘There were no financial details compromised.
‘We weren’t hacked by a third party. It was an internal technical problem.’