IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

M&S data stolen in Epsilon breach

The Epsilon breach may have mainly affected US companies, but Marks & Spencer customers have been hit too.

Marks & Spencer

Marks & Spencer has warned customers their email addresses have been leaked, thanks to a huge breach at US marketing firm Epsilon.

The retail giant emailed customers saying they could expect more spam messages, after addresses were leaked after the hack on Epsilon on 30 March.

Customer email lists from a wide range of major corporations were taken, including hotel chains Marriot and Hilton. It was thought most affected businesses were US based.

M&S confirmed no other personal information, outside names and email addresses, were stolen.

"We have been informed by Epsilon, a company we use to send emails to our customers, that some M&S customer email addresses have been accessed without authorisation," the firm said in its email.

Although spam could be an issue for customers hit by the breach, targeted malware attacks are another worry.

"Today, data theft accounts for 33 per cent of all attacks and although an increase in spam is an obvious outcome, not so obvious is the increased risk of targeted malware attacks seeking to infiltrate company systems," said Paul Davis, director of European operations at FireEye.

"The loss of personal data is the initial step in a series of potential exploits from mass spam through to advanced targeted malware, which seeks to establish a beachhead within corporate systems for subsequent exploit and data exfiltration."

Frank Coggrave, Guidance Software's general manager for EMEA, said the Epsilon hack highlighted a wider trend in the industry.

"The significant knock-on effect to big name Epsilon customers, including Marks & Spencer and hotel chains Mariott and Hilton, highlights that no one is safe from these increasingly sophisticated and targeted attacks," Coggrave said.

"Since attacks consistently break through even the toughest of security systems, organisations need to focus on deploying incident response plans to mitigate the effects."

A number of high profile attacks have hit major corporations over the past month, including an Advanced Persistent Threat strike on security firm RSA.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022