Marks & Spencer Says Hackers Stole Shoppers’ Data

By Kim S. Nash

Hello. Hackers stole customers' personal data from Marks & Spencer, one of three U.K. retailers hit in cyberattacks in the past few weeks.

Payment information wasn't among the compromised data, Marks & Spencer said Tuesday. The company didn't specify how many shoppers were affected. Harrods and Co-op have also disclosed cyberattacks since late April. Read the full story.

More news:

Android phone users get souped-up security
Spain presses power providers for cyber details after blackout
Securities concerns about Qatar's plane for Trump
Shrunken voting power for CrowdStrike CEO
And more

‏‏‎ ‎

CONTENT FROM: Zscaler

See you at ZenithLive '25. Cybersecurity event of the year.

One Epic Week. AI Ignited. Zero Trust Elevated. Security Operations Reinvented. Join and bring your team to the premier learning conference that brings together industry experts to share insights on zero trust, hands-on training, and certifications to protect and enable your organization to thrive. WSJ readers enjoy an exclusive 50% discount with code [WSJZL25]—don’t miss this opportunity!

More Cyber News

PHOTO: JOHN G. MABANGLO/SHUTTERSTOCK

Google is souping up cyber protections on Android phones for people who need high-level security. Advanced Protection Mode, which is due to be available in June on Android 16 devices, prevents users from connecting to encryption-lacking 2G networks and insecure WiFi. The feature also logs attempted intrusions. (ArsTechnica)

Blackout investigation: Government officials in Spain have asked small power providers in the country for details on their cybersecurity programs as an investigation continues of the recent electricity outage in Spain and Portugal, Reuters reported, citing the Financial Times.

Further reading from WSJ Pro: Blackouts In Europe Continue to Raise Cyber Alarms
U.S. officials on Tuesday issued advisories about three flaws in Hitachi products used in the energy industry.

Trump's new plane: Defense and aviation experts warned of cybersecurity and surveillance risks of a Boeing 747 that Qatar's royal family plans to provide for President Trump's use. (Defense News)

Number of vulnerabilities addressed in Microsoft's "Patch Tuesday" package of bug fixes for May. That includes five zero-day vulnerabilities that the Cybersecurity and Infrastructure Security Agency added to its database of cyber problems that federal agencies must fix. (CyberScoop)

Privacy

PHOTO: MARIJAN MURAT/ZUMA PRESS

A family accused children's gaming and game-building platform Roblox of secretly collecting data from users without proper consent. The company tracks keystrokes, mouse movements, searches and chat messages, among other information, according to a proposed class-action lawsuit filed in U.S. District Court of Central California.

Roblox said it is audited regularly for compliance with privacy laws and safety measures. "We respect applicable laws and regulations, collaborating with regulators, authorities and safety organizations in the countries in which we operate," a spokesperson said. (HackRead)

Cyber Business

CrowdStrike Holdings Chief Executive George Kurtz gave more than $1 billion worth of his company stock to unnamed recipients. The April move, which a company spokesperson attributed to philanthropy and estate planning, cut Kurtz's voting power to 2.5% from 31% in 2022. (Bloomberg)

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

Unsubscribe |

Newsletters & Alerts |

Privacy Notice |

Cookie Notice

Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.