logo
ENع
#

Latest news with #UKGeneralDataProtectionRegulation

M&S face multi-million pound court action by Scots customers over cyber attack data leak
M&S face multi-million pound court action by Scots customers over cyber attack data leak

Daily Record

time18-05-2025

  • Business
  • Daily Record

M&S face multi-million pound court action by Scots customers over cyber attack data leak

The Sunday Mail can reveal leading law Thompsons Solicitors will this week launch a class action suit against the company which could result in huge compensation payouts. M&S is facing a multi-million pound court action by Scottish customers whose personal data has been stolen in a catastrophic cyber attack. The high street giant was forced to admit last week hackers have obtained information which could include the telephone numbers, home addresses, dates of birth and online ordering histories of millions of people. ‌ And the Sunday Mail can reveal leading law Thompsons Solicitors will this week launch a class action suit against the company which could result in huge compensation payouts. ‌ Senior partner Patrick McGuire said the firm has left customers vulnerable to criminal scams by failing protect customers' data - which it is required to do by law. He said: 'M&S pride themselves on their customer service and reliability but in this most important area they have failed their customers completely. 'We have a situation here where one of the most famous retailers in the UK have allowed criminals to pillage the personal details of hundreds of thousands of Scottish customers. 'We have been inundated by Scots M&S clients who have been caught up in this online heist and are contacting Thompsons given our experience in this area. 'I think this will be the biggest data theft case we have ever been involved in. ‌ 'Group litigation also known as Class Actions means that the public can hold Marks and Spencers to account for the theft of their details. 'Its legal action of this kind that gives consumers redress and shows retailers that they cannot skimp on cyber security.' ‌ Thompsons claim they have already received an alvalance of enquiries from M&S customers whose details have been stolen. More than £1.2billion has been wiped off the market value of M&S since it was crippled by hackers three weeks ago. The company is still not taking online orders, has been left with empty shelves at some branches, and is reported to be losing up to £3.5million a day. ‌ M&S's Sparks loyalty program had 18 million members - with hundreds of thousands in Scotland - and the firm have asked customers to reset their account passwords. The retailer has also warned customers that they might receive bogus emails, calls or texts claiming to be from the company. ‌ A group of hackers labelled Scattered Spider are alleged to have utilised a contractor to access the retailer's advanced IT systems. The ransomware group DragonForce, which is also believed to be behind a cyber attack on the Co-op, have said its affiliates are responsible. The group is known for scrambling victims' data and demanding a ransom to get the key to unscramble it. ‌ In the UK, data breaches are protected by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws provide the framework for how companies must handle and protect personal data, including the reporting and management of data breaches. ‌ The UK Government's National Cyber Security Centre has said it was working with the affected companies but told all UK businesses the incidents 'should act as a wake-up call' on the importance of having measures to protect against and respond to attacks. However, McGuire of Thompsons, who are already pursuing legal actions against other businesses who have lost customers' personal data said: 'The law in this matter is very clear and it beggars belief that an institution like M&S did not have the robust systems that law demands to prevent the real risk of identity theft and fraud. 'We know well from our experience that the type of information taken from M&S customers can be used in very sophisticated scams by international criminals.' ‌ M&S has not been able to take any orders through its website or app since April 25. The hack first caused problems for the retailer's contactless payments and click and collect orders. ‌ A spokeswoman for the company said: 'Importantly, the data does not include useable payment or card details, which we do not hold on our systems, and it does not include any account passwords. 'There is no evidence that this data has been shared.' Clive Black, a retail analyst at finance firm Shore Capital, said: 'What is clear to us is that this has a severe impact on first-quarter performance - hundreds of millions of pounds - and by definition a notable impact for the full year outcome for 2026.' ‌ Last month hackers infiltrated IT networks and stole customer and employee data at the Co-op. DragonForce claimed to have the private details of 20million customers in Co-op membership scheme. The attack has seen stores with empty shelves after the chain was forced to shut down IT systems and slow deliveries. ‌ Last week we told how the firm promised communities such as Islay, in the Inner Hebrides, Portree on Skye and stores across the Western Isles, would receive treble volumes of some products. A spokesperson for Co-op said: 'Following the malicious third-party cyber-attack, we took early and decisive action to restrict access to our systems in order to protect our Co-op. ‌ 'We are now in the recovery phase and are taking steps to bring our systems gradually back online in a safe and controlled manner. 'In our Food business there will be improved stock availability in our Food stores and online from this weekend and we are working closely with our suppliers to restock our stores. 'Our stock ordering system is now fully online, and we have switched all our orders back to the normal supply processes and systems. 'All forms of payments including contactless, and chip and pin are working across our entire store estate. 'We'd like to thank all our colleagues, members, partners and suppliers for their support so far. We will provide further updates to our members as we continue to make progress from this cyber attack.' An M&S spokesperson said: 'Our stores have remained open and availability is now in a much more normal place with stores well stocked this weekend.'

Meta considering subscription option for UK Facebook users
Meta considering subscription option for UK Facebook users

Yahoo

time22-03-2025

  • Business
  • Yahoo

Meta considering subscription option for UK Facebook users

Meta is considering a subscription option for UK Facebook users after it agreed to stop targeting a campaigner with adverts based on her personal data. The technology company said the social network it owns and Instagram were 'free for British consumers because of personalised advertising'. It comes after Meta agreed to stop targeting adverts at human rights campaigner Tanya O'Carroll after she filed a lawsuit against Facebook's collection of personal details. The Information Commissioner's Office (ICO) said on Saturday that its position was that Meta was 'processing Ms O'Carroll's personal data for direct marketing purposes'. It added that profiling related to those purposes meant Ms O'Carroll had the 'absolute right to object to such processing' under UK General Data Protection Regulation (GDPR). The ICO said 'organisations must respect people's choices about how their data is used', adding that it would 'continue to engage with Meta on this issue'. Ms O'Carroll wrote on LinkedIn: 'In settling my case, Meta has agreed to stop processing my personal data for direct marketing purposes. In non-legalese, that means I will no longer be shown surveillance-ads on Facebook. 'I believe this is a victory not just for me but for every UK and EU citizen as it paves the way for the right to object to be used to stand up to surveillance-advertising across the web. 'I applaud the ICO for their rational and principled application of the law in their intervention in my case and for publicly confirming they will back up other UK citizens who wish to exercise their right to object in the context of online targeted ads.' Meta said it was 'pleased to draw a line under this long-running case'. A spokesperson said: 'We fundamentally disagree with the claims made by Ms O'Carroll, no business can be mandated to give away its services for free. 'We take our UK GDPR obligations seriously and provide robust settings and tools for users to control their data and advertising preferences. 'Facebook and Instagram cost a significant amount of money to build and maintain, and these services are free for British consumers because of personalised advertising. 'Like many internet services, we are exploring the option of offering people based in the UK a subscription and will share further information in due course.' Meta already offers an advert-free subscription option to users in the EU. An ICO spokesperson said: 'People have the right to object to their personal information being used for direct marketing, and we have been clear that online targeted advertising should be considered as direct marketing. 'Organisations must respect people's choices about how their data is used. This means giving users a clear way to opt out of their data being used in this way. 'If people believe that an organisation is not complying with their request to stop processing their data, they can file a complaint to us. We will continue to engage with Meta on this issue.'

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into the world of global news and events? Download our app today from your preferred app store and start exploring.
app-storeplay-store