Major UK retailer confirms cybersecurity breach — customers told to change passwords now
Personal data of an estimated 6.4 million accounts may have been exfiltrated.
One of the United Kingdom's largest retailers has confirmed a significant cybersecurity breach which may have exposed the personal data of an estimated 6.4 million customer accounts.
The company, which became aware of the intrusion late on Friday, has notified the Information Commissioner's Office and engaged a leading incident response firm to investigate the scope and duration of the attack.
Like this story?
Join 180,000 readers getting the Arcadia Vibe daily briefing — the day's stories distilled, every morning by 7am.
Customers are being urged to change passwords immediately and to remain vigilant for phishing attempts impersonating the retailer in the coming days and weeks.
Initial analysis suggests the breach exploited a known vulnerability in a third-party identity provider, raising fresh questions about supply-chain security across British retail.
A class-action lawsuit is widely expected once the full impact becomes clear.
Become a member
Support independent British journalism and unlock every premium story across politics, culture, tech and sport.