Marks and Spencer has become the latest retailer to fall foul of a third party security breach after its email supplier Epsilon lost customer data.

The retailer sent an email out to customers this morning saying some customer email addresses have been accessed without authorisation.

It stresses only names and email addresses have been accessed, not account details, but warns customers might receive spam as a result.

M&S said in the email: “We apologise for any inconvenience this may cause you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.”

The Epsilon breach affected its US customers like Target and Best Buy as well. It told its clients about the issue last Friday and M&S emailed its customers today.

M&S financial director Alan Stewart said today: “This is an issue with our email marketing supplier, and we are one of a number of retailers affected. They have experienced a compromise to their security data. Names and email addresses might be at risk and customers may receive some spam. Personal information and financial information is not affected. We have done the right thing.”

Chief executive Marc Bolland added that the impact on customers will be “very limited”.

Topics