
Harrods, M&S, Co-Op: cyber attacks signal urgent need for action

by Aaron Flack on May 2, 2025



The UK retail sector is facing a cyber crisis. In just a few weeks, three household names, Marks and Spencer, Co-Op, and Harrods, have all been hit by significant cyber attacks. From disrupted logistics to exposed employee data, the incidents are striking in their similarity and severity. But the message is clear: no brand, no matter how established, is immune.

These attacks come at a time when retailers are more digitally dependent than ever. Behind every store shelf and every online basket is a supply chain of interconnected systems, cloud platforms, third-party vendors and IoT-enabled infrastructure. And it is this complex digital surface that today’s cyber criminals are targeting, with increasing sophistication and scale.

A pattern emerges

Let us take a closer look at what has happened:

  • Marks and Spencer was one of the first to be affected, with the attack causing widespread issues in its food supply chain. The company experienced shortages of key products and significant disruption across logistics and back-office operations. Reports suggest the breach stemmed from a third-party supplier vulnerability, a common weak link in otherwise well-secured enterprises.
  • Co-Op faced operational problems across several business units. Though details remain limited, it is understood that internal IT systems were disrupted, affecting store operations and logistics. The company responded quickly, but still saw a reputational and financial impact.
  • Harrods, the latest to report an incident, confirmed that internal files, including sensitive employee data, were accessed in a cyber breach. While customer payment information was reportedly unaffected, the reputational damage and regulatory implications remain serious.

These cases are not just coincidental. Cyber criminals are no longer simply going after customer card data. Instead, they target business-critical systems: supply chain logistics, enterprise resource planning (ERP) platforms, and personnel records.

The technical landscape: Why retail is at risk

Retailers are high-value targets because of their reliance on:

  • Legacy systems that have been patched over the years but lack full integration or modern security controls.
  • Multiple third-party suppliers, many of whom may have looser security postures.
  • Real-time operational systems, where downtime directly affects sales and customer trust.
  • Data-rich environments, including customer profiles, payment data, loyalty schemes and internal employee records.

Retailers operate at the intersection of data, logistics, and public visibility, making them ideal victims for both financially motivated cyber criminals and politically driven attackers.

The growing use of cloud-based applications, IoT devices in warehousing and stores, and remote access tools used by distributed workforces and support teams further amplifies these risks. Each of these introduces new attack surfaces and potential vulnerabilities.

Lessons for the Boardroom

These incidents offer hard but valuable lessons for leadership teams beyond the retail sector. At Conosco, we work with organisations to build resilience into the very core of their digital operations. Here is what your executive team needs to know:

Third-party risk is business risk

The attack on M&S appears to have originated through a supply chain partner. This is increasingly common. Businesses must go beyond perimeter security and assess the full ecosystem. That includes conducting due diligence on vendors, enforcing contractual obligations for security standards, and monitoring third-party access continuously.

Cybersecurity is no longer an IT function

CISOs and CIOs must have direct access to the board, and cybersecurity risks should be discussed alongside financial, operational and reputational risks. Modern risk registers must include threat modelling and incident impact forecasting.

Segmentation and zero-trust architectures are essential

Flat networks are easy to compromise. By adopting zero-trust principles, businesses can restrict lateral movement, verify every request and limit the blast radius of any breach. Network segmentation, identity-based access control, and real-time authentication are key to this model.

Detection and response are more important than prevention

Assume breach. Prevention is vital, but detection and response will define the outcome. This means investing in Security Operations Centres (SOCs), endpoint detection and response (EDR) platforms, and threat intelligence tuned to your industry.

Incident response must be fast, rehearsed and cross-functional

All three recent breaches show how slow, fragmented responses can worsen the damage. Have a documented incident response plan. Practice it. Ensure legal, PR, HR, IT and executive teams know their roles. A cyber incident is not just a technical event — it is an organisational crisis.

Regulatory pressure is increasing

Breaches that involve employee or customer data must be reported under UK GDPR. Failure to comply can lead to fines, legal action and reputational harm. Regulatory readiness is now part of any responsible cyber strategy.

Building Resilience: A Constructive Path Forward

These threats are serious but not insurmountable. At Conosco, our approach is built on three pillars:

  • Visibility: Understand your current risk profile, infrastructure, and threat exposure.
  • Maturity: Build a layered security architecture based on best practices and business context.
  • Continuity: Develop business continuity and recovery processes that keep operations running during and after an attack.

Cyber resilience is no longer optional. It is a business requirement. Every company now operates in a digital battlefield, and the prepared organisations will thrive.


FAQ

What happened in the recent Harrods, Marks & Spencer and Co-Op cyber attacks?

In early 2025, three major UK retailers — Harrods, Marks & Spencer (M&S) and Co-Op — were all hit by significant cyber attacks within a short time frame. M&S experienced supply chain failures, leading to product shortages across stores, reportedly caused by a breach linked to a third-party provider. Co-Op suffered internal IT system outages that disrupted operations. Harrods confirmed that internal files, including employee data, were accessed. These incidents demonstrate the need for businesses to review their cyber risk exposure across supply chains and internal systems. Conosco supports this through strategic cyber risk assessments and vendor risk audits tailored to complex IT environments.

Why are UK retailers like Harrods and M&S being targeted by cyber criminals?

Retailers are prime targets for cyber criminals because they process high volumes of customer and employee data, depend on fast-moving supply chains, and often operate on outdated or fragmented IT systems. Brands like Harrods and M&S are particularly vulnerable due to their public visibility and reliance on multiple third-party systems, which attackers often exploit as entry points. Retailers are also under pressure to maintain uptime, making them more likely to pay ransoms or suffer costly outages when breached.

What are the business risks of a cyber attack in the retail industry?

A cyber attack can impact retail businesses in several critical ways: supply chain interruptions, loss of customer data, reputational damage, legal action, and direct financial loss from fraud or ransom payments. The recent attack on Marks & Spencer caused widespread stock issues, while Harrods now faces scrutiny over employee data handling. For any retail organisation, a breach can disrupt operations, reduce customer trust, and result in fines under regulations such as UK GDPR.

How can businesses protect themselves from supply chain cyber attacks?

To defend against supply chain attacks, businesses should conduct regular audits of their vendors, enforce strict access controls, and ensure third-party contracts include robust cyber security clauses. Implementing continuous monitoring of supplier access and adopting a zero-trust security model can reduce the risk of unauthorised lateral movement across systems. It’s also essential to maintain updated asset inventories, so organisations know exactly who has access to their data and infrastructure.

What is zero-trust security and why is it important for retailers?

Zero-trust security is a framework that assumes no user or device is trusted by default, even if they are inside the network perimeter. For retailers, this model is crucial because it prevents attackers from moving freely once they gain access through compromised credentials or devices. With the rise of remote work, third-party partnerships and cloud platforms, zero-trust helps reduce the attack surface and adds multiple verification layers before access is granted to sensitive systems or data.

 
