Protecting Your Family After the M&S Cyberattack

Understanding the M&S Data Breach

Marks & Spencer recently experienced a significant cyberattack that compromised customer personal data, including names, addresses, phone numbers, and birth dates. While no payment information or passwords were stolen, this information is still valuable to scammers who can use it to create convincing, personalized phishing attempts.
 
The breach serves as an important reminder that even major companies with sophisticated security systems can be vulnerable to attacks, highlighting the need for vigilance in our increasingly connected world.

How This Might Affect Your Family

Potential Threats

  • Phishing emails or texts that appear to be from M&S

  • Scam messages from other brands using your personal data

  • Phone calls pretending to be from customer service

  • Targeted scams using your children’s information
Warning Signs

  • Urgent requests for personal information

  • Pressure to click links or download attachments

  • Unusual email addresses or phone numbers

  • Poor spelling or grammar in official communications

If you’ve shopped at M&S online or created an account, your information may have been compromised. This increases the risk of receiving convincing scam attempts targeting both you and your children.

Talking to Your Children About Online Scams

Open conversations about online safety are crucial. Explain to your children that scammers create fake messages that look real to trick people into sharing personal information or clicking dangerous links. Use age-appropriate examples and avoid creating unnecessary fear.

Make it relatable

Compare digital scams to real-world situations they understand, like strangers offering candy.

Create a safety habit

Teach them to always check with you before clicking links or sharing information online.

Encourage questions

Let them know they can always come to you if something online seems suspicious or confusing.

Building Better Password Habits

Strong, unique passwords are your first line of defense against unauthorized access. Each online account should have a different password to prevent a single breach from compromising multiple accounts.

Consider using a password manager to generate and store complex passwords securely. This eliminates the need to remember multiple complicated passwords.

Teach your children the importance of password security and help them create strong passwords for their accounts. For younger children, manage their passwords yourself while explaining the importance of keeping them secret.

Reducing Your Digital Footprint

Limit Personal Information Sharing

Be mindful about sharing birthdays, school names, vacation plans, or favorite stores online. These details can be used by scammers to create convincing targeted attacks.

Review Privacy Settings

Regularly check and update privacy settings on all social media accounts, both yours and your children’s, to control who can see your information.

Monitor Digital Presence

Occasionally search for your children’s names online to see what information is publicly available and take steps to remove anything concerning.

The less information available about your family online, the harder it is for scammers to create personalized attacks that might fool you or your children into sharing sensitive information.

Additional Security Measures

Enable Two-Factor Authentication

Add an extra layer of security to important accounts by requiring both a password and a temporary code.

Monitor Account Activity

Regularly check account activity and set up alerts for unusual login attempts or transactions.

Update Software Regularly

Keep devices and apps updated with the latest security patches to protect against known vulnerabilities.

Use Caution with Public Wi-Fi

Avoid accessing sensitive accounts or information when connected to public networks.

These additional security layers create multiple barriers that make it significantly harder for cybercriminals to access your family’s personal information.

Teaching Children to Recognize and Report Suspicious Messages

Empower your children to be their own first line of defense by teaching them to recognize warning signs of scam messages. Explain that legitimate companies like M&S will never ask for personal information through email or text messages.
 
Create a family protocol for handling suspicious communications: don’t click links, don’t download attachments, don’t respond, and always report the message to a parent immediately. This builds confidence and creates a security-conscious mindset that will serve them well throughout their digital lives.
Remember: It’s better for your child to show you ten legitimate messages they were unsure about than to miss reporting one dangerous scam.