Well-known retailer Marks & Spencer took its website offline for a couple of hours last week after complaints by customers that they could see personal data belonging to other people as they shopped. Marks & Spencer has denied that it was the victim of a hack attack and is instead blaming the problem on technical issues. Despite this statement by the retailer, the incident does fall within the remit of the Data Protection Act so the retailer may receive further action from Information Commissioner’s Office.
The issue came to light when affected customers took to social media to discuss the problem. Users found other people’s details appearing when they registered a payment card although it did not include complete card numbers. Only around 800 customers were affected, suggesting that the problem related purely to the short span of time that the issue was live and there has since been no recurrence.