BBC News

Marks and Spencer website leaks customers' details

Published
image copyrightMarks and Spencer
image captionPeople logging into M&S's website were able to see name and contact details for other users
A fault with Marks and Spencer's website allowed customers to see each other's details when they logged into their own accounts.
The British retailer suspended its site for two hours on Tuesday night to fix the problem.
It said the glitch was the result of an internal error, rather than of an external hack attack.
It added that its customers' full credit card details were not among the exposed information.
However, personal data, including names, dates of birth, contacts and previous orders were shown.
One user told the BBC he had seen another person's account details when he tried to register a store loyalty card.
media caption"The details of orders that popped up... were for another person" says M&S customer Dr Bob Price
"It accepted my registration but then told me i had 9,000 sparks points which i thought was a bit odd," said Mark Hill.
"So, I looked at the account details and despite saying 'hi Mark' , it was quite clearly an account belonging to a female in a different part of the country."
A call centre employee who handles complaints for the firm recounted another incident.
"One woman contacted me and informed me that 'a bloke from the other side of the country' had contacted her by telephone because he had seen all her details while using the M&S website, and felt she should know about it," he said.
"Many callers were anxious and very concerned - they understood the seriousness of the situation.
"It took nearly an hour before the website was shut down - something one tech guy told me should have been done as soon as the problem was recognised."
Marks and Spencer has apologised for the glitch.
"Due to a technical issue, we temporarily suspended our website yesterday evening," an M&S spokesman said.
image captionOne customer screengrabbed partial details of another user's credit card details
"This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers."
It is not yet clear how many people's details were seen by other M&S customers as a result of the fault.

Related Topics

  • Companies

More on this story

  • TalkTalk hack: What should I do?