M&S data stolen in Epsilon breach
The Epsilon breach may have mainly affected US companies, but Marks & Spencer customers have been hit too.


Marks & Spencer has warned customers their email addresses have been leaked, thanks to a huge breach at US marketing firm Epsilon.
The retail giant emailed customers saying they could expect more spam messages, after addresses were leaked in the hack on Epsilon on 30 March.
Customer email lists from a wide range of major corporations were taken, including hotel chains Marriott and Hilton. It was thought most affected businesses were US-based.
M&S confirmed no other personal information, beyond names and email addresses, was stolen.
"We have been informed by Epsilon, a company we use to send emails to our customers, that some M&S customer email addresses have been accessed without authorisation," the firm said in its email.
Although spam could be an issue for customers hit by the breach, targeted malware attacks are another worry.
"Today, data theft accounts for 33 per cent of all attacks and although an increase in spam is an obvious outcome, not so obvious is the increased risk of targeted malware attacks seeking to infiltrate company systems," said Paul Davis, director of European operations at FireEye.
"The loss of personal data is the initial step in a series of potential exploits from mass spam through to advanced targeted malware, which seeks to establish a beachhead within corporate systems for subsequent exploit and data exfiltration."
Frank Coggrave, Guidance Software's general manager for EMEA, said the Epsilon hack highlighted a wider trend in the industry.
"The significant knock-on effect to big name Epsilon customers, including Marks & Spencer and hotel chains Marriott and Hilton, highlights that no one is safe from these increasingly sophisticated and targeted attacks," Coggrave said.
"Since attacks consistently break through even the toughest of security systems, organisations need to focus on deploying incident response plans to mitigate the effects."
A number of high-profile attacks have hit major corporations over the past month, including an Advanced Persistent Threat strike on security firm RSA.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.