UK retailer Marks & Spencer says some personal customer data was stolen in a recent cyberattack which has crippled online services.
The UK retailer was hit by hackers three weeks ago and while instore services have been restored the company has remained offline for internet and app-based sales.
In an update on the incident provided to the stock exchange, M&S says stolen customer data includes names and addresses, date of birth and order histories.
"Importantly, the data does not include useable payment or card details, which we do not hold on our systems, and it does not include any account passwords," sates M&S. "There is no evidence that this data has been shared."
The company has yet to give a timeline for the restoration of opnline services but says customers will need to reset passwords the next time they log on to their account.