Marks & Spencer temporarily suspended its website on Tuesday night after “technical difficulties” that exposed customer information to other website users.
But the British retailer insisted that its website was not hacked by outside third parties, and there is no security risk for affected customers.
A M&S spokesperson confirmed to TechweekEurope today that the M&S website was suspended at 7.30pm on Tuesday evening, and was restored around 10pm.
The company was keen to stress that this was not a breach by outside third parties, but was as a result of internal ‘technical difficulties’.
“Due to a technical issue we temporarily suspended our website yesterday evening,” M&S said. “This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers. We apologise to customers for any inconvenience caused.”
Prior to the website suspension, it seems that when M&S customers logged into the website, they could see other people’s orders. And some customers reportedly claimed they could see payment details of other customers.
However M&S insisted that as the details were encrypted there was no security risk.
At least one security expert has warned that businesses today need to be aware of the potential financial implications of exposing customer data.
“Many companies are flying blind when it comes to security, because they don’t think it affects them,” said Phil Barnett, vice president of Global Good Technology. “The truth is that it’s not just a conversation for banks or governments anymore, 90 per cent of companies have actually experienced a hack, and recent examples like Sony and TalkTalk have proved that – anyone and everyone is a potential victim of hacks and data leaks.
And he warned that of the impending legislation that could see firms slapped with large fines.
“When GDPR is implemented in 2016, companies experiencing a data breach could face a fine of two percent of worldwide revenue, so it’s not just going to be some painful interviews and a drop in share price, there’s the potential of big fines for every business.”
At it currently stands, it is still not mandatory for firms to report data breaches, but the incoming General Data Protection Regulation (GDPR) is likely to enforce a change in reporting requirements.
Are you a security expert? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…