Marks & Spencer hit by Epsilon hackers

Marks & Spencer has warned customers that they may receive an onslaught of spam after their email addresses were hacked.

The retailer appears to be the first major UK company to have been affected by the attack on US marketing firm Epsilon.

Last Wednesday hackers accessed the name and email details of bank and retailer customers from the Epsilon database. Epsilon clients range from JP Morgan and Citgroup, to McDonald's and Disney.

"We have been informed by Epsilon, a company we use to send emails to our customers, that some M&S customer email addresses have been accessed without authorisation," the company said in an email to customers sent on Tuesday evening.  

"We wanted to bring this to your attention as it is possible that you may receive spam email messages as a result."

Marks & Spencer reassured customers that no personal or financial details had been accessed or are at risk.

However, security experts have warned that the Epsilon hackers may sell the list of customer details to phishers and malware distributors who could then use it to launch targeted attacks.

"Data theft accounts for 33 per cent of all attacks today and, although an increase in spam is an obvious outcome, not so obvious is the increased risk of targeted malware attacks seeking to infiltrate company systems," warned Paul Davis, European operations director at network security firm FireEye.

"The loss of personal data is the initial step in a series of potential exploits, from mass spam through to advanced targeted malware which seeks to establish a beachhead within corporate systems for subsequent exploit and data exfiltration."