Harrods, M&S, Co-Op: cyber attacks signal urgent need for action
by Aaron Flack on May 2, 2025
The UK retail sector is facing a cyber crisis. In just a few weeks, three household names, Marks and Spencer, Co-Op, and Harrods, have all been hit by significant cyber attacks. From disrupted logistics to exposed employee data, the incidents are striking in their similarity and severity. But the message is clear: no brand, no matter how established, is immune.
These attacks come when retailers are more digitally dependent than ever. Behind every store shelf and every online basket is a supply chain of interconnected systems, cloud platforms, third-party vendors and Iot-enabled infrastructure. And it is this complex digital surface that today’s cyber criminals are targeting, with increasing sophistication and scale.
A pattern emerges
Let us take a closer look at what has happened:
- Marks and Spencer was one of the first to be affected, with the attack causing widespread issues in its food supply chain. The company experienced shortages of key products and significant disruption across logistics and back-office operations. Reports suggest the breach stemmed from a third-party supplier vulnerability, a common weak link in otherwise well-secured enterprises.
- Co-Op faced operational problems across several business units. Though details remain limited, it is understood that internal IT systems were disrupted, affecting store operations and logistics. The company responded quickly, but still saw a reputational and financial impact.
- Harrods, the latest to report an incident, confirmed that internal files, including sensitive employee data, were accessed in a cyber breach. While customer payment information was reportedly unaffected, the reputational damage and regulatory implications remain serious.
These cases are not just coincidental. Cyber criminals are no longer simply going after customer card data. Instead, they target business-critical systems: supply chain logistics, enterprise resource planning (ERP) platforms, and personnel records.
The technical landscape: Why retail is at risk
Retailers are high-value targets because of their reliance on:
- Legacy systems that have been patched over the years but lack full integration or modern security controls.
- Multiple third-party suppliers, many of whom may have looser security postures.
- Real-time operational systems, where downtime directly affects sales and customer trust.
- Data-rich environments, including customer profiles, payment data, loyalty schemes and internal employee records.
Retailers operate at the intersection of data, logistics, and public visibility making them ideal victims for both financially motivated cyber criminals and politically driven attackers.
The growing use of cloud-based applications further amplifies these risks, including IoT devices in warehousing and stores, and remote access tools used by distributed workforces and support teams. Each of these introduces new attack surfaces and potential vulnerabilities.
Lessons for the Boardroom
These incidents offer hard but valuable lessons for leadership teams beyond the retail sector. At Conosco, we work with organisations to build resilience into the very core of their digital operations. Here is what your executive team needs to know:
Third-party risk is business risk
The attack on M&S appears to have originated through a supply chain partner. This is increasingly common. Businesses must go beyond perimeter security and assess the full ecosystem. That includes conducting due diligence on vendors, enforcing contractual obligations for security standards, and monitoring third-party access continuously.
Cybersecurity is no longer an IT function.
CISOs and CIOs must have direct access to the board, and cybersecurity risks should be discussed alongside financial, operational and reputational risks. Modern risk registers must include threat modelling and incident impact forecasting.
Segmentation and zero-trust architectures are essential.
Flat networks are easy to compromise. By adopting zero-trust principles, businesses can restrict lateral movement, verify every request and limit the blast radius of any breach. Network segmentation, identity-based access control, and real-time authentication are key to this model.
Detection and response are more important than prevention
Assume breach. Prevention is vital, but detection and response will define the outcome. This means investing in Security Operations Centres (SOCs), endpoint detection and response (EDR) platforms, and threat intelligence tuned to your industry.
Incident response must be fast, rehearsed and cross-functional
All three recent breaches show how slow, fragmented responses can worsen the damage. Have a documented incident response plan. Practice it. Ensure legal, PR, HR, IT and executive teams know their roles. A cyber incident is not just a technical event — it is an organisational crisis.
Regulatory pressure is increasing.
Breaches that involve employee or customer data must be reported under UK GDPR. Failure to comply can lead to fines, legal action and reputational harm. Regulatory readiness is now part of any responsible cyber strategy.
Building Resilience: A Constructive Path Forward
These threats are serious but not insurmountable. At Conosco, our approach is built on three pillars:
- Visibility: Understand your current risk profile, infrastructure, and threat exposure.
Maturity: Build a layered security architecture based on best practices and business context.
Continuity: Develop business continuity and recovery processes that keep operations running during and after an attack.
Cyber resilience is no longer optional. It is a business requirement. Every company now operates in a digital battlefield, and the prepared organisations will thrive.
FAQ
In early 2025, three major UK retailers — Harrods, Marks & Spencer (M&S) and Co-Op — were all hit by significant cyber attacks within a short time frame. M&S experienced supply chain failures, leading to product shortages across stores, reportedly caused by a breach linked to a third-party provider. Co-Op suffered internal IT system outages that disrupted operations. Harrods confirmed that internal files, including employee data, were accessed. These incidents demonstrate the need for businesses to review their cyber risk exposure across supply chains and internal systems. Conosco supports this through strategic cyber risk assessments and vendor risk audits tailored to complex IT environments.
Retailers are prime targets for cyber criminals because they process high volumes of customer and employee data, depend on fast-moving supply chains, and often operate on outdated or fragmented IT systems. Brands like Harrods and M&S are particularly vulnerable due to their public visibility and reliance on multiple third-party systems, which attackers often exploit as entry points. Retailers are also under pressure to maintain uptime, making them more likely to pay ransoms or suffer costly outages when breached.
A cyber attack can impact retail businesses in several critical ways: supply chain interruptions, loss of customer data, reputational damage, legal action, and direct financial loss from fraud or ransom payments. The recent attack on Marks & Spencer caused widespread stock issues, while Harrods now faces scrutiny over employee data handling. For any retail organisation, a breach can disrupt operations, reduce customer trust, and result in fines under regulations such as UK GDPR.
To defend against supply chain attacks, businesses should conduct regular audits of their vendors, enforce strict access controls, and ensure third-party contracts include robust cyber security clauses. Implementing continuous monitoring of supplier access and adopting a zero-trust security model can reduce the risk of unauthorised lateral movement across systems. It’s also essential to maintain updated asset inventories, so organisations know exactly who has access to their data and infrastructure.
Zero-trust security is a framework that assumes no user or device is trusted by default, even if they are inside the network perimeter. For retailers, this model is crucial because it prevents attackers from moving freely once they gain access through compromised credentials or devices. With the rise of remote work, third-party partnerships and cloud platforms, zero-trust helps reduce the attack surface and adds multiple verification layers before access is granted to sensitive systems or data.
Speak to an expert about securing your business from supply-chain security to threat remediation and response.
Company | Resource Name | URL |
---|---|---|
BBC News |
Harrods hit by cyber attack after Marks & Spencer and Co-Op incidents |
|
MSN UK News | Why Marks and Spencer is still affected by cyber attack | https://www.msn.com/en-gb/news/uknews/why-marks-and-spencer-is-still-affected-by-cyber-attack-and-when-will-retailer-recover/ar-AA1DViJs?ocid=BingNewsVerp |
Retail Gazette | Harrods cyber attack | https://www.retailgazette.co.uk/blog/2025/05/harrods-cyber-attack/ |
Cyber News | Harrods luxury department store targeted in third UK retailer cyberattack | https://cybernews.com/security/harrods-cyberattack-london-uk-retailer-luxury-department-store/ |
You May Also Like
These Related Stories

Cyber Security Lessons From The MOD
The cyberattack back in May 2024 on the Ministry of Defence (MoD) payroll system, which is managed by Shared Services Connected Ltd (SSCL), has sent ripples through the UK's public and private sectors. It’s clear that the exposed personal and financi …

Harvey Nichols cyber attack: securing retail against data breaches
The recent data breach in September at Harvey Nichols, a leading luxury retailer, underscores the escalating cyber threats businesses face today. Retail organisations often have additional appeal to attackers as their clientele includes affluent indi …

Manchester Move Cyber Attack: Learnings and how to stay protected
In July 2024, the Locata housing software breach affecting Manchester, Salford, and Bolton councils highlighted the ongoing vulnerability of public services to cyber-attacks. The attack exposed personal data and led to a widespread phishing scam, tar …