Major UK Retailers Hit by Coordinated Cyberattacks

UK Retail Giants Targeted in Coordinated Cyberattacks: Harrods, M&S, and Co-op Under Siege

In a significant escalation of cyber threats against the UK's retail sector, three of the nation's most prominent retailers—Harrods, Marks & Spencer (M&S), and the Co-operative Group (Co-op)—have been targeted in a series of sophisticated cyberattacks. These incidents have raised serious concerns about the resilience of critical infrastructure and the evolving tactics of cybercriminal groups.

Harrods Responds to Unauthorized Access Attempts

Luxury department store Harrods confirmed that it recently experienced attempts to gain unauthorized access to its systems. In response, the company's IT security team implemented precautionary measures, including restricting internet access across its sites. Despite these actions, all Harrods locations, including its Knightsbridge flagship store, H Beauty outlets, and airport branches, remain open, and online operations continue without disruption. The company has assured customers that no immediate action is required on their part. ​

M&S Faces Ongoing Disruptions from Ransomware Attack

Marks & Spencer has been grappling with the aftermath of a ransomware attack that began in late April. The breach has disrupted key operations, including contactless payments, online orders, and supply chains, leading to empty shelves in stores and the temporary closure of hot food counters. The disruption has wiped more than £600 million off the company's stock market value. ​

Co-op Implements Precautionary Measures Amid Cyber Threat

The Co-operative Group also reported an attempted cyberattack, leading the company to shut down parts of its IT systems as a precaution. While the incident impacted some back-office operations, all Co-op grocery stores, funeral services, and home delivery operations remained operational. ​

Scattered Spider Group Suspected in M&S Attack

Cybersecurity experts have linked the attack on M&S to the hacking group known as "Scattered Spider." This group, notable for its primarily native English-speaking members, employs sophisticated social engineering tactics, such as impersonating employees, to infiltrate corporate systems. The group operates under a ransomware-as-a-service model, deploying rented malware like DragonForce. ​

Authorities and Experts Respond to Retail Cyberattacks

The UK's National Cyber Security Centre (NCSC), along with the Metropolitan Police Cyber Crime Unit and the National Crime Agency (NCA), are actively investigating these incidents. Richard Horne, CEO of the NCSC, emphasized the need for all organizations to ensure robust cyberdefense systems are in place, calling the incidents a wake-up call for the industry. ​

Retail Sector Increasingly Targeted by Cybercriminals

According to PDI's Q1 2025 Threat Landscape Report, the retail sector experienced a staggering 74.71% increase in ransomware extortion incidents, climbing from the eighth to the fourth most targeted industry in just one quarter. ​

These recent cyberattacks underscore the growing threat to the UK's retail sector and highlight the importance of robust cybersecurity measures. As investigations continue, retailers are urged to bolster their defenses to protect against such sophisticated threats.