Actions to Take Following the M&S Cyber Attack
In light of the recent disclosure by Marks & Spencer (M&S) regarding a cyber attack that resulted in the theft of customer data, we strongly recommend that if you are affected you take immediate and proactive steps to protect your digital identity and reduce the risk of further compromise.
What Do I Do?
1. Change Your Password Immediately
If you have an M&S online account, change your password without delay. This is particularly urgent if you use the same password across multiple services - a common but risky practice.
2. Use a Password Manager
To enhance your security, consider using a reputable password manager. These tools help you generate and store strong, unique passwords for each online service you use, thereby reducing the likelihood of future breaches affecting multiple accounts.
3. Consider Changing Your Email Address
If your email address is exposed, you may wish to consider changing it, especially if it is tied to sensitive accounts such as banking, healthcare, or government services. Once your email is publicly associated with a data breach, it becomes a more attractive target for phishing and identity fraud.
4. Use Separate Email Accounts for Different Purposes
To compartmentalise risk, maintain separate email addresses for different categories of online activity. For example:
One email strictly for critical services (e.g., banking, medical, HMRC).
Another for retail, newsletters, and everyday transactions.
5. Employ Email Aliasing Where Possible
Instead of managing multiple inboxes, consider using an email aliasing service. This approach allows you to create unique, disposable addresses that all forward to a single inbox-providing better tracking and control without the hassle of managing several accounts.
6. Be Aware of AI-Driven Targeting
With the growing use of AI by malicious actors, breached personal information can now be used to construct detailed digital profiles. These profiles enable highly tailored and convincing phishing attempts or fraud campaigns that appear legitimate and context-aware. The more data exposed, the easier it is for attackers to deceive you-so vigilance and layered protection are more important than ever.
By taking these measures, you can strengthen your digital security posture and minimise the long-term impact of this data breach.