A MAJOR cyber attack has left M&S crippled in recent weeks and some customers' personal data stolen.
However, there are steps you can take to protect yourself if your details have been shared with hackers.
A host of retailers have been the victim of online attacks since April 19, including Harrods, Co-op and M&S.
Co-op faced a hacking attempt and was forced to shut down part of its IT system at the end of last month.
Meanwhile, luxury retailer Harrods reported a hacking attempt earlier this month.
In an update to customers yesterday, M&S confirmed customers' personal information was stolen following a cyber attack.
The retailer said there was no evidence shoppers' personal information had been shared and useable car or payment details and account passwords had not been stolen.
However, if your data has been stolen in one of the recent attacks, there are steps you can take to minimise any fallout.
Here are some top tips from experts.
Even if hackers haven't stolen your personal data or passwords, they may still try and catch you out with phishing messages.
These are emails or texts appearing to come from a legitimate source, but with links that when clicked on steal information from you.
Look out for typos in any messages or an email address that seems suspicious as these are a telltale sign of a phishing attempt
Matt Hull, head of threat intelligence at cyber security firm NCC Group, said: "Cyber criminals are also likely to sell this data on the dark web as well, putting customers at even more risk.
"If you’re unsure about an email’s authenticity, don’t click any links.
"Instead, visit the company’s website directly to verify any claims.
"This extra step can protect you from falling victim to phishing attacks."
Pay close attention to any emails or calls received after a cyber attack as fraudsters will use these two channels more than others to steal your personal information.
William Wright, chief executive of Closed Door Security, said: "Don’t send personal information over email, treat phone calls relating to the breach with caution.
"If an email does come in requesting information, don’t hit reply."
Instead, he said to contact the actual company to check if any correspondence is legitimate.
Be cautious of fraudsters following up dodgy-looking emails or calls and trying to provoke you into actioning something too.
Anton Ushakov, head of Cybercrime Investigations unit, Europe, Group-IB, said: "Be especially wary of prompts to continue the conversation, like callbacks or follow-up messages, as these are common tactics in fraudulent attempts.
"Always verify whether the communication truly comes from the service it claims to represent."
Breaches like those experienced by M&S can increase the chances of customers' personal information being used to carry out identity fraud.
This involves, for example, someone's bank account being used to buy products which aren't ever actually paid for.
Identity fraud can go undetected for months meaning you don't actually realise personal information has been taken from you.
However, checking your credit score is one thing that might flag you've been targeted.
Sam Kirkman, director of services for Europe, the Middle East and Africa at cyber security firm NetSPI, said personal information stolen in a breach like M&S' "significantly" increases the risk of identity fraud.
He added: "It is therefore vital that potential victims monitor their credit scores to ensure financial products are not taken out in their name, without their consent.
“It is also important to remain alert to scams which may leverage this information toward you or your family members to appear more legitimate.
"For example, some criminals may impersonate a well-known organisation and convince victims of their credibility by providing their name, address and date of birth – before using this false credibility to scam the victim out of their money."
Take some general quick steps to shore up your online security and reduce any likelihood of your data being stolen.
Chris Burton, head of professional services at Pentest People, said you can start by changing your password as soon as possible.
He added: "If an online retailer has enabled Passkeys, you can use a password manager to generate a passkey which essentially makes your account ‘passwordless’ – the passkey is a unique ‘key’ which is used to validate the user, it doesn’t require any keying of passwords and won’t store a password that could be potentially harvested.
“I would always discourage from saving your payment methods with providers; this is a common feature, and although there are security precautions in place with these types of things, I’d personally sooner not run the risk.
“Keep an eye on your personal information and things like credit files. If your personal details are harvested from a compromised source, there is the opportunity for impersonation.
"You may get an increase in spam calls claiming to be from various companies such as Amazon or other high-end retailers."
A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices.
These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption.
Cyber attacks can take many forms, employing various techniques to achieve their malicious goals.
Common types of cyber attacks include:
Do you have a money problem that needs sorting? Get in touch by emailing money-sm@news.co.uk.
Plus, you can join our Facebook group to share your tips and stories
6,000.000+downloads/Free/Bengali/Version2.3.4
777 BDT IPL 2025 Sports First Deposit Bonus
