
Retail industries in the UK face potential cyber threats after a series of attacks

High-profile retail names such as Harrods and M&S have been hit with targeted attacks in recent times.

In a series of recent cyberattacks, three prominent U.K. retailers—Harrods, Co-op, and Marks & Spencer—have found themselves in the crosshairs of cybercriminals. As investigations continue, the National Cyber Security Centre (NCSC) and the National Crime Agency are working tirelessly to unravel the details and provide advice to affected organizations.

**Harrods**

Early in May 2025, Harrods confirmed attempts to breach its systems, leading to restricted internet access across its sites. Despite this, stores and the website remained operational. Forensic investigations are ongoing, and no official financial losses have been disclosed. There is speculation about the attack being part of a wider campaign targeting retailers, but there is no confirmed link to a specific cybercrime group.

**Co-op**

Co-op was targeted in an attempted ransomware attack shortly after the M&S incident. The IT team detected the intrusion early and took systems offline before the ransomware could be fully deployed. While a "significant amount" of current and past Co-op members' names and contact information were stolen, store operations continued with minimal disruption. The attack is believed to be part of a "single combined cyber event" with M&S, attributed to the Scattered Spider group.

**Marks & Spencer (M&S)**

Over the Easter weekend in April 2025, M&S experienced a sophisticated ransomware attack. The attack disrupted operations, forcing the company to suspend online orders and shut down automated stock management systems. Customer data, including names, addresses, and order histories, was accessed, though payment details and passwords were not compromised. The attack is attributed to the Scattered Spider group, with the hacking group DragonForce also claiming involvement through a message sent to M&S's CEO.

In a blog post, senior NCSC officials explained steps to mitigate potential ransomware attacks, urging security teams to use multifactor authentication, check for risky logins in Microsoft Entra ID Protection, and review help desk login procedures. Marks & Spencer also paused taking orders via its websites and mobile apps. Richard Horne, NCSC CEO, urged leaders to follow advice on the NCSC website to prevent attacks and respond effectively.

As the investigations continue, it is not yet clear whether one or more groups are responsible for the attacks. DragonForce, a ransomware-as-a-service operation, provides tools and a dark-web site for contracted hackers to perform attacks. Alphv and RansomHub, previously associated with DragonForce, have disbanded.

The U.K. authorities are urging organizations to remain vigilant following cyberattacks against these retail companies. Harrods confirmed it was the target of an attempted hack, but the stolen data did not include passwords, bank details, or credit card data. Harrods, Co-op, and M&S are continuing to serve customers at their physical stores and online.

  1. The recent cyberattacks on Harrods, Co-op, and Marks & Spencer, three prominent U.K. retailers, have raised concerns about the increasing threat of ransomware to business operations and customer privacy.
  2. The Scattered Spider group, known for its ransomware activities, is believed to be responsible for at least two of these attacks – on Co-op and Marks & Spencer – demonstrating the need for vigilance in cybersecurity and threat intelligence.
  3. In response to these attacks, the National Cyber Security Centre (NCSC) has emphasized the importance of implementing strong cybersecurity measures such as multifactor authentication and regular review of help desk login procedures to protect against ransomware attacks, as suggested in a recent blog post.
  4. Despite these cyber threats, the affected retailers – Harrods, Co-op, and Marks & Spencer – have managed to keep their physical stores and online services operational, albeit with temporary disruptions, showcasing the resilience of businesses in the face of technology-driven crime.
  5. The financial impacts of these cyberattacks are still under investigation, but the potential costs in terms of business reputation, customer trust, and data recovery should serve as a stark reminder of the potential consequences of inadequate cybersecurity in the modern, interconnected world of business and technology.
