Marks and Spencer suspends website after customer details leak

Shoppers logging into the Marks & Spencer website were given a little surprise last night when it began sharing other people's account details. The company confirmed that a "technical issue," not an attack by a third party, resulted in personal data, including names, dates of birth, contacts and previous orders to become easily viewable. Some customers also reported being able to see credit card details, but Marks & Spencer says data was encrypted and no full numbers were shared.

After customers notified the company via its Facebook and Twitter accounts, Marks & Spencer pulled its website offline in order to "resolve the issue and quickly restore service for our customers." One shopper reported seeing hundreds of orders that she hadn't placed and noted that she could change other customers' account details if she wished. "At one point last night my account when I managed to log in was 277,000 loyalty points," she added.

It's not clear how many people were affected by the website glitch, but The Register reports that the Information Commissioner's Office (ICO) is already making enquiries to ascertain exactly what happened. With the TalkTalk hack still fresh in people's minds, consumers are being forced to question what companies are doing to protect their data. Marks & Spencer insists that it was not the target of a hack, but more information could be disclosed as enquiries continue.