Marks & Spencer faced a cyberattack resulting in the theft of personal customer information, including contact details, birth dates, and online order history. Thankfully, payment details and passwords remain secure. While there has been no evidence of the data being shared, the breach raises significant compliance concerns under GDPR and UK privacy laws. Experts emphasize the necessity for organizations to enhance governance frameworks and remain vigilant, also advising customers to protect themselves against potential scams leveraging the stolen information.
United Kingdom retailer Marks & Spencer recently reported a cyberattack resulting in the theft of personal customer data, raising concerns about compliance with GDPR.
The breach has implications for compliance, particularly under GDPR, given the sensitive nature of the compromised data, necessitating a stronger governance framework.
Customers are urged to remain vigilant against scams that might exploit the stolen data, and to take precautions such as resetting passwords.
The incident serves as a reminder for businesses to adopt continuous monitoring of internal controls to adapt to evolving regulatory and business needs.
Collection
[
|
...
]