Rose, who was appointed to the top job at the embattled retailer on 31st May, was alerted to the security breach when he contacted his mobile operator mmO2, and was asked to supply a newly created password that he said he had not set up.
An unknown individual had apparently contacted O2 earlier, provided sufficient details to gain access to his account records, and then set up the new security code, according to reports.
Suspicions were raised that someone had gained unauthorised access to the account after news stories appeared in the press, seemingly based on confidential records.
The issue of Rose's telephone conversations is a sensitive one at the moment, given that the Financial Services Authority has just launched an investigation into possible insider trading relating to the hostile takeover attempt by businessman Philip Green.
According to M&S, "In response to increasing concerns about access to his personal records, Stuart Rose has issued a number of notices under the Data Protection Act requesting details of any personal information held by them."
In general terms, under the Act, any company that retains personal information about an individual is obliged to let that individual know, within 40 days of a written request, what information is being held on them.