Marks and Spencer Group (M&S) has revealed that personal customer data has been stolen in its ongoing cyber attack saga.
The retail giant has, however, confirmed that this data does not include payment or card details or account passwords.
The news is the latest in a series of events which have been reported nationally after the company confirmed last month that it had been impacted by a cyber incident.
The attack was later attributed to hacking group Scattered Spider.
Just days later, the Co-Operative Group was forced to shut down its IT systems after becoming another retailer to be impacted by an attack of a similar nature.
In a statement posted to the London Stock Exchange, Marks and Spencer Group said: “As part of our proactive management of the incident, we have taken steps to protect our systems and engaged leading cyber security experts.
“We have also reported the incident to relevant government authorities and law enforcement, who we continue to work closely with.
“We have said to customers that there is no need to take any action. For extra peace of mind, they will be prompted to reset their password the next time they visit or log onto their M&S account and we have shared information on how to stay safe online.
“We remain grateful for the support that our customers, colleagues, partners and suppliers have shown us during this time.”
Stuart Machin, chief executive of the company, also thanked customers for their support. He said: “Everyone at M&S is working around the clock to get things back to normal for our customers as quickly as possible.
“We are very sorry for any inconvenience they have experienced. Our stores remain open as they have throughout, and we remain incredibly grateful for the support from our customers, colleagues, partners, and suppliers during this time.”