M&S data stolen in Epsilon breach

The Epsilon breach may have mainly affected US companies, but Marks & Spencer customers have been hit too.

Marks & Spencer

Marks & Spencer has warned customers their email addresses have been leaked, thanks to a huge breach at US marketing firm Epsilon.

The retail giant emailed customers saying they could expect more spam messages, after addresses were leaked after the hack on Epsilon on 30 March.

Customer email lists from a wide range of major corporations were taken, including hotel chains Marriot and Hilton. It was thought most affected businesses were US based.

M&S confirmed no other personal information, outside names and email addresses, were stolen.

"We have been informed by Epsilon, a company we use to send emails to our customers, that some M&S customer email addresses have been accessed without authorisation," the firm said in its email.

Although spam could be an issue for customers hit by the breach, targeted malware attacks are another worry.

"Today, data theft accounts for 33 per cent of all attacks and although an increase in spam is an obvious outcome, not so obvious is the increased risk of targeted malware attacks seeking to infiltrate company systems," said Paul Davis, director of European operations at FireEye.

"The loss of personal data is the initial step in a series of potential exploits from mass spam through to advanced targeted malware, which seeks to establish a beachhead within corporate systems for subsequent exploit and data exfiltration."

Frank Coggrave, Guidance Software's general manager for EMEA, said the Epsilon hack highlighted a wider trend in the industry.

"The significant knock-on effect to big name Epsilon customers, including Marks & Spencer and hotel chains Mariott and Hilton, highlights that no one is safe from these increasingly sophisticated and targeted attacks," Coggrave said.

"Since attacks consistently break through even the toughest of security systems, organisations need to focus on deploying incident response plans to mitigate the effects."

A number of high profile attacks have hit major corporations over the past month, including an Advanced Persistent Threat strike on security firm RSA.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021