M amp S website leaks customer details

October 28, 2015 5:36 PM
The Marks and Spencer website was suspended for two hours on Tuesday night after a fault on the website allowed customers to see each others' detailed when they logged into their own accounts.

Marks and Spencer said the glitch was the result of an internal error – not an external hack or other attack. The company also said that full credit card details were not exposed.

However, the firm also warned that personal data was shown – this included names, dates of birth, contact details and information about previous purchases made through the website.

One website user, Mark Hill, told the BBC that he had seen someone else's account information when he tried to register for a store loyalty card.

"It accepted my registration but then told me I had 9,000 sparks points, which I thought was a bit odd," he explained.

"So, I looked at the account details and despite saying 'Hi Mark', it was quite clearly an account belonging to a female in a different part of the country," he added.

Another customer said they were able to see partial credit card details for someone else's account – a screenshot with the details blurred out appeared on the BBC website.

Marks and Spencer apologised for the error. A spokesman said: "Due to a technical issue, we temporarily suspended our website yesterday evening."

He added: "This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers."

Shares in Marks and Spencer dipped sharply in morning trading, but rose again throughout the day. At 15:50 BST, shares were down 0.28 per cent from the previous day's close at 510.58.

TalkTalk hack

The Marks and Spencer website glitch comes just days after broadband and telephone provider TalkTalk suffered a website hack, which put millions of customers' data at risk.

A 15-year-old boy in Northern Ireland has been arrested in relation to the hack and TalkTalk's share prices are down to 249.90, compared to 268.50 before news broke of the security breach.

