Marks & Spencer (M&S) suspended its site for about two hours on Tuesday (October 27) after customers complained that their personal information was leaked on its portal. The retailer confirmed the incident and said that the site was not hacked, but admitted to the "data breach", claiming it was due to a technical issue.
The site started showing user data, including names, date of birth and previous payment details of customer, because of the glitch. Some reports even said that the last four digits of payment cards of other customers surfaced when some users logged in to their accounts. The issue affected over 800 customers globally, but the retailer said in a statement that no financial details were compromised. It later apologised for the inconvenience caused and said that the issue was resolved within a short span of time.
"Due to a technical issue we temporarily suspended our website for a period last night. This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers. We apologise to customers for any inconvenience caused," M&S said in a statement.
The glitch came to light, when M&S customers started posting messages on the retailer's social media channels. "I also registered my card tonight to find that I could see at least another three customers' details. Their name, address, telephone number, date of birth and what they have previously ordered. Not very good M&S," a customer wrote on the retailer's Facebook page.
Although the company confirmed that no data was compromised by hackers, the breach comes under the Data Protection Act and the Information Commissioner's Office (ICO) could impose a fine of up to £500,000 ($763,575), if the glitch resurfaces.
The issue emerged just a weeks after M&S launched "Sparks" members club and card scheme to build a closer ties with customers. Also, it comes a few days after hackers attacked London-based telecom service provider TalkTalk.