Following a cyberattack, for which the company apparently had no risk mitigation plan, UK retailer M&S has admitted that some customer data was also stolen.

Sky News reports:

Marks & Spencer has revealed customers' personal data was taken by hackers after it was hit by a damaging cyber attack.

The company did not say how many customers had been affected but [CEO] Mr Machin said there was "no need for customers to take any action".

"To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online," he said.

Well obviously one way to stay safe online is not to register your details with companies like M&S who have no plan to deal with cyberattacks. But then that's probably every company that does business online.

Changing your M&S password will not stop 'premium' M&S customers emails from being sold and targeted with all kinds of profitable scams, especially as these M&S customers are likely to be older and wealthier (to be able to pay M&S prices).

The hackers knew what they were doing. This is not just any customer data, this is M&S customer data.