ICO 'making enquiries' into bizarre shopper data spill at M&S

The Information Commissioner's Office is making enquiries into Marks & Spencer's website after customers complained that they were being presented with each others' personal details while shopping.

Marks & Spencer made its website temporarily unavailable last night after what it claimed was "a technical issue".

The company's customers raised the alarm on social media sites Facebook and Twitter, claiming that they had been presented with other shoppers' sensitive information, including their names, phone numbers, card details and delivery addresses.

M&S has told The Register that no full financial information had been exposed during what they understood was a small period of time wherein customers may have seen a snapshot of one other customer's details.

It was notably not the same customer's details that shoppers were shown.

The company was unable to clarify whether credit card information – partially redacted or otherwise – may have been shared, however.

The M&S response at the time was that it was "currently investigating this with our technical team, so please bear with us."

@AlexJaneWalker Thanks for letting us know. We’re currently investigating this with our technical team, so please bear with us.

— M&S (@marksandspencer) October 27, 2015

A spokesperson for M&S told The Register today that:

Due to a technical issue we temporarily suspended our website yesterday evening. This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers. We apologise to customers for any inconvenience caused.

M&S resolutely denied that it had been hacked, and claimed that there had been no third party involvement in the incident. The ICO told The Register it was aware of the incident and making enquiries into it, but was unable to offer a statement at such an early stage. ®