Now Marks & Spencer's customer email adresses get stolen.

6 April 2011

Bitterwallet - marks & Spencer Premium Club Waiting for today’s cyber-security breach? Wait no longer because here it comes, and the guilty party today are… Marks & Spencer.

They’ve advised customers that they can expect an increase in spam emails after the M&S customer email database was half-inched by evil hackers. The hackery was in fact part of the recent attack on Epsilon that we featured yesterday. They are a marketing firm who deal with the M&S email list; some American companies like Marriott, Hilton and Best Buy were also victims of the assault.

Marks & Spencer told customers: “We have been informed by Epsilon, a company we use to send emails to our customers, that some M&S customer email addresses have been accessed without authorisation," the retailer said in an email sent on Tuesday evening.

"We wanted to bring this to your attention as it is possible that you may receive spam email messages as a result. No other personal information, such as your account details, has been accessed or is at risk.”

Epsilon have said that the security breach affected 2% of their clients, but insist that no financial info was accessed by the moustache-twirling virtual villains.

TOPICS:   Privacy   Technology   High Street News


  • Dave
    Had this one last night - this is getting a bit silly now but it seems they're just trying to sweep it under the carpet. Who minds just a bit of spam :/
  • kv
    how are M&S the "guilty party"? it's not their fault that Epsilon's security was inadequate. please stop trying to drag retailer's names through the mud because of Epsilon's shortcomings
  • Andy D.
    They are because I say they are. Thanks for playing.
  • Nick T.
    If some of the M&S email addresses don't work, can the spammers take them back?
  • james D.
    Because we trusted them with our data, then they gave it to a company who was not capable of protecting it, possibly because they were cheap and unprofessional possibly because they were unlucky we don't know. However plenty of companies I have worked for and with have no regard for the protection of the data that they hold on their customers I find it shocking. If you give a company data and don't ensure they have an adequate data protection policy and secure enough system to store it on then it's your fault too.

What do you think?

Your comment