M&S data stolen in Epsilon breach
The Epsilon breach may have mainly affected US companies, but Marks & Spencer customers have been hit too.
Marks & Spencer has warned customers their email addresses have been leaked, thanks to a huge breach at US marketing firm Epsilon.
The retail giant emailed customers saying they could expect more spam messages, after addresses were leaked after the hack on Epsilon on 30 March.
Customer email lists from a wide range of major corporations were taken, including hotel chains Marriot and Hilton. It was thought most affected businesses were US based.
M&S confirmed no other personal information, outside names and email addresses, were stolen.
"We have been informed by Epsilon, a company we use to send emails to our customers, that some M&S customer email addresses have been accessed without authorisation," the firm said in its email.
Although spam could be an issue for customers hit by the breach, targeted malware attacks are another worry.
"Today, data theft accounts for 33 per cent of all attacks and although an increase in spam is an obvious outcome, not so obvious is the increased risk of targeted malware attacks seeking to infiltrate company systems," said Paul Davis, director of European operations at FireEye.
"The loss of personal data is the initial step in a series of potential exploits from mass spam through to advanced targeted malware, which seeks to establish a beachhead within corporate systems for subsequent exploit and data exfiltration."
Frank Coggrave, Guidance Software's general manager for EMEA, said the Epsilon hack highlighted a wider trend in the industry.
"The significant knock-on effect to big name Epsilon customers, including Marks & Spencer and hotel chains Mariott and Hilton, highlights that no one is safe from these increasingly sophisticated and targeted attacks," Coggrave said.
"Since attacks consistently break through even the toughest of security systems, organisations need to focus on deploying incident response plans to mitigate the effects."
A number of high profile attacks have hit major corporations over the past month, including an Advanced Persistent Threat strike on security firm RSA.
Defeating ransomware with unified security from WatchGuard
How SMBs can defend against the onslaught of ransomware attacksFree download
The IT expert’s guide to AI and content management
How artificial intelligence and machine learning could be critical to your businessFree download
The path to CX excellence
Four stages to thrive in the experience economyFree download
Becoming an experience-based business
Your blueprint for a strong digital foundationFree download