As we continue to manage the current cyber incident, we have written to customers to let them know that unfortunately the nature of the incident means some personal customer data has been taken. Importantly, there is no evidence that this data has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.

To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log onto their M&S.com account on our website and we have shared information on how to stay safe online.

What does this mean for me?

The personal data taken could include contact details - such as name, email address, addresses, telephone number - date of birth, online order history, ‘masked’ payment card details used for online purchases. For clarity and reassurance, M&S does not hold full payment card details on its systems, which is why we use the term ‘masked’.

You do not need to take any action, but you might receive emails, calls or texts claiming to be from M&S when they are not, so do be cautious.

We will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password.

Here are some hints and tips on how to stay safe online:

• • Be careful if you receive an email or text message asking you to click on a link – check it goes to where you expect it to.
• • Use a strong and unique password for your email account and use different passwords for each account you have.
• • Always do your software updates on your phones and devices as they often contain important security updates to protect you.

What do I need to do?

You do not need to take any action and, to give you extra peace of mind, next time you visit or login to your M&S.com account on our website, you will also be prompted to reset your password.

How will I be prompted to change my password?

• • When you next go to login on your M&S account, you will enter your account details and click sign in.
• • You will then receive an email to your registered account from Marks and Spencer Service asking you to reset your password.
• • Please click the ‘reset your password’ button in the email.
• • You will then be taken to a new webpage on M&S.com to enter your new password.
• • Enter and confirm your new password and then click the ‘reset my password’ button.
• • When this has been done, you will receive an email to confirm your password has been changed.
• • You will then be able to login with your new credentials.
• • Remember to use a strong and unique password.