What should M&S customers do after criminals stole personal data in huge attack?

The personal data of M&S customers has been stolen by hackers during a huge cyber attack that may have cost the company millions.  So what should those customers do now? The retail giant admitted on Tuesday that some data had been stolen but reassured customers that no "usable payment or card details" were taken.

Read more: M&S says customers' personal data taken by hackers Passwords were also not included in the stolen data but there are reports that contact details like names, addresses and phone numbers were taken. There is no evidence the data has been shared, M&S confirmed to Sky News on Wednesday.

Despite M&S saying customers "do not need to take any action" aside from changing their password next time they log in, cybersecurity experts are worried. Here's what they want you to do if you have an M&S account.

Watch out for phishing scams "We often see a spike in phishing emails, fake delivery texts and scam calls after breaches like this, particularly when order history or usernames are involved," said Charlotte Wilson, head of enterprise at cybersecurity firm Check Point. "This is not about panic, but it is a reminder that cybersecurity is not just about technology," she said.

These scams can appear more convincing because hackers can include personal details like your name, address or phone number, stolen in attacks like the one on M&S. "Some criminals may impersonate a well-known organisation and convince victims of their credibility by providing their name, address and date of birth - before using this false credibility to scam the victim out of their money," said Sam Kirkman from NetSPI.

In fact, the criminal group reportedly behind the M&S attack is known to use tactics like this to scam people. Rather than using software to hack past company firewalls, Scattered Spider hackers target human vulnerabilities and trick people into giving them access.

Read more from Sky News:QR codes linked to online drugsCould UK get US-style 'supermax' jails? "Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password," said M&S operations director Jayne Wall in a message to customers. Stop, challenge, protect Mr Kirkman recommends following the "stop.