Marks and Spencer’s website suspended after second major data lapse in a week hits UK consumers

It has been a less than exemplary week for UK online retailers. With the Talk Talk security scandal still ongoing in the news, Marks & Spencer was forced to suspend its website last night after customers reported being able to see other people’s personal details and order history.

The extent of the security breach resulting from the glitch is as yet unknown, but it certainly highlights a need for online retailers to get their websites fit for purpose, and their security up to scratch, before the crucial Black Friday, Cyber Monday and pre-Christmas sales rush.

> See also: Black Friday chaos: can UK e-retailers cope?

With this year’s Black Friday predicted to be the UK’s first ever £1 billion shopping day, the pressure will be on retailers to maximise the opportunities from this period of shopping frenzy, but research seems to suggest that consumer confidence in online retailers is flagging after so many bad experiences.

The research conducted by predictive analytics firm Blue Yonder found that 84.1% of Cyber Monday shoppers had a bad experience in 2014, after the websites of major retailers including Argos, Curries and Tesco all ground to a halt.

Nearly half of shoppers in 2014 found that e-commerce websites were too slow or crashed, a third found the experience ‘too much of a headache’ and a fifth felt the discounts were not enough, with one in ten preferring the January sales. As a consequence, fewer shoppers than expected could be hitting the online sales this year.

Last summer, Marks and Spencer saw an 8.1% drop in sales and share price dip just after the launch of its new website, blaming performance and usability issues, and now M&S is claiming the latest incident, potentially exposing thousands of customers’ details, is a result of an internal error.

> See also: Unencrypted data of four million TalkTalk customers left exposed in ‘significant and sustained’ attack

It might not be in the same league as the TalkTalk leak, in which the telecoms giant lost the data of up to 4 million customers to hackers, but yesterday’s incident still represents another blow for consumer confidence in the brands trusted to deliver secure and reliable online shopping experiences.

Phil Barnett, VP global at mobile security firm Good Technology, thinks the latest customer data breach at Marks and Spencer shows a pattern of UK online retailers not taking their customers’ online data protection seriously, something which could have severe consequences to their bottom lines both in the pre-Christmas period and into 2016.

‘Marks and Spencer proves that customer data breaches are real threats and have serious consequences,’ said Barnett. ‘Data is a company’s biggest asset, and as mobility becomes more ingrained across every enterprise, security must become a higher priority.’

‘When GDPR is implemented in 2016, companies experiencing a data breach could face a fine of 2% of worldwide revenue, so it’s not just going to be some painful interviews and a drop in share price, there’s the potential of big fines for every business.’

Despite high-profile breaches leading the news agenda on a regular basis this year, cyber security is still not ingrained at every level of UK organisations’ cultural mindset, according to Keith Poyser, EMEA MD at cloud company Accellion.

‘Every organisation needs to take cyber security and data leak prevention more seriously,’ he said. ‘From Sony to TalkTalk, this issue continues to rear its ugly head. Cyber security must reach everything and everyone, from the latest tech to even the savviest employee. This situation is by no means hopeless, but there are a number of steps organisations need to take to lessen the chances of a cyber attack.’

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data Breaches
Networks