The Retail Crisis: M&S, Co-op, and Harrods Under Siege
by Aaron Flack on May 12, 2025
What Has Happened So Far
In April 2025, three of the UK's most prominent retailers, Marks & Spencer (M&S), the Co-operative Group (Co-op), and Harrods, fell victim to coordinated cyber attacks. These breaches exploited weaknesses in IT help desk protocols, allowing attackers to impersonate employees and request password resets, thereby gaining unauthorised access to internal systems.
- Marks & Spencer: The attack led to the suspension of online orders and disrupted contactless payments. The company's market value plummeted by over £700 million, with estimated weekly losses of £40 million due to the halted online sales.
- Co-op: Hackers accessed personal data, including names and contact details, of many current and former members. The breach forced the temporary shutdown of parts of its IT systems, affecting deliveries and emptying store shelves in some regions.
- Harrods: The luxury department store confirmed unauthorised access to its systems, prompting the company to restrict access to certain platforms as a precautionary measure.
Current Situation
Investigations have linked these attacks to cyber criminal groups such as Scattered Spider and DragonForce. These groups employ social engineering tactics, including SIM-swapping and phishing, to infiltrate corporate networks.
The National Cyber Security Centre (NCSC) has warned organisations about the increasing sophistication of such attacks and the importance of reviewing and strengthening cyber security measures.
Business Fallout
The repercussions of these cyber attacks are extensive:
- Financial Losses: M&S faces ongoing losses estimated at £15 million per week due to disrupted operations.
- Operational Disruption: Co-op experienced significant disruptions in up to 200 stores, with issues in contactless payments and product shortages due to IT system shutdowns.
- Reputational Damage: These incidents have eroded customer trust, with concerns over data privacy and the reliability of services.
Insurance Implications
The surge in cyber attacks has led to a reevaluation of cyber insurance policies:
- Premium Increases: UK retailers are facing cyber insurance premium hikes of up to 10%, as insurers reassess the risks associated with the retail sector.
- Coverage Scrutiny: Insurers are intensifying scrutiny of companies' cyber security measures before issuing policies, with some considering withdrawing coverage from high-risk companies.
Recommendations to Mitigate Cyber Risks
To protect your organisation from similar cyber threats, consider implementing the following measures:
- Customer Security Awareness (CSA): Regularly train staff to recognise and respond to phishing attempts and social engineering tactics.
- Self-Service Password Reset Solutions: Implement systems that allow employees to securely reset their passwords without IT intervention, reducing the risk of impersonation attacks.
- Multi-Factor Authentication (MFA): Adopt application-based MFA methods to add an extra layer of security beyond traditional passwords.
- Password Managers: Encourage the use of password managers to generate and store complex passwords, minimising the risk of credential theft.
- USB Port Control: Use technical controls to turn off USB ports on devices, preventing unauthorised data transfers.
- Application Control: Establish protocols for installing new applications, ensuring only approved software is used within the organisation.
- Threat and Vulnerability Management (TVM): Regularly update and patch systems to protect against known vulnerabilities.
- Microsoft Defender for Identity: Utilise behaviour analytics tools to detect and respond to suspicious activities within your network.
- Secure Access to SaaS Solutions: Implement Single Sign-On (SSO) or Virtual Private Networks (VPNs) to control access to cloud-based services.
- Email Gateway Security: Deploy solutions like Mimecast to filter and block malicious emails before they reach end users.
- Conditional Access Policies: Restrict access to sensitive data based on device compliance and user location.
- Managed Security Operations Centre (SOC): Engage a SOC to monitor, detect, and respond to security incidents in real time.
- Cyber Essentials Certification: Obtain certification to demonstrate your organisation's commitment to cyber security best practices.
Implementing these measures can significantly enhance your organisation's resilience against cyber threats.
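The help desk password-reset abuse described at the top of this article can be monitored by combining two of the measures above: behaviour analytics and conditional access signals (device compliance and user location). The following is an added example, not code from the article or from any vendor named in it; the event field names, the sample events, the per-user country baseline and the one-hour window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample identity events (not real logs); field names are assumptions.
EVENTS = [
    {"ts": "2025-04-22T09:02:00", "user": "a.jones", "type": "password_reset", "actor": "helpdesk"},
    {"ts": "2025-04-22T09:10:00", "user": "a.jones", "type": "sign_in", "country": "GB", "compliant": True},
    {"ts": "2025-04-22T11:30:00", "user": "b.patel", "type": "password_reset", "actor": "helpdesk"},
    {"ts": "2025-04-22T11:41:00", "user": "b.patel", "type": "sign_in", "country": "RO", "compliant": False},
    {"ts": "2025-04-22T13:00:00", "user": "c.lee", "type": "password_reset", "actor": "self_service"},
    {"ts": "2025-04-22T13:05:00", "user": "c.lee", "type": "sign_in", "country": "FR", "compliant": False},
    {"ts": "2025-04-23T15:00:00", "user": "b.patel", "type": "sign_in", "country": "GB", "compliant": True},
]
# Countries each user has previously signed in from (constructed baseline).
BASELINE = {"a.jones": {"GB"}, "b.patel": {"GB"}, "c.lee": {"GB", "FR"}}
WINDOW = timedelta(hours=1)  # assumed correlation window


def flag_risky_resets(events, baseline, window=WINDOW):
    """Return alerts for sign-ins that follow a help-desk-performed reset
    within `window` and come from a new country or a non-compliant device."""
    alerts = []
    last_reset = {}  # user -> time of the most recent help-desk reset
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "password_reset" and ev["actor"] == "helpdesk":
            last_reset[user] = ts
        elif ev["type"] == "sign_in" and user in last_reset:
            if ts - last_reset[user] > window:
                continue  # sign-in is too long after the reset to correlate
            reasons = []
            if ev["country"] not in baseline.get(user, set()):
                reasons.append("new_country")
            if not ev["compliant"]:
                reasons.append("non_compliant_device")
            if reasons:
                alerts.append({"user": user, "ts": ev["ts"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in flag_risky_resets(EVENTS, BASELINE):
        print(alert)
```

Resets performed through self-service are deliberately out of scope for this rule, since it targets the case where a help desk agent was persuaded to act on a caller's behalf.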
FAQ
In early 2025, three major UK retailers — Harrods, Marks & Spencer (M&S) and Co-Op — were all hit by significant cyber attacks within a short time frame. M&S experienced supply chain failures, leading to product shortages across stores, reportedly caused by a breach linked to a third-party provider. Co-Op suffered internal IT system outages that disrupted operations. Harrods confirmed that internal files, including employee data, were accessed. These incidents demonstrate the need for businesses to review their cyber risk exposure across supply chains and internal systems. Conosco supports this through strategic cyber risk assessments and vendor risk audits tailored to complex IT environments.
Retailers are prime targets for cyber criminals because they process high volumes of customer and employee data, depend on fast-moving supply chains, and often operate on outdated or fragmented IT systems. Brands like Harrods and M&S are particularly vulnerable due to their public visibility and reliance on multiple third-party systems, which attackers often exploit as entry points. Retailers are also under pressure to maintain uptime, making them more likely to pay ransoms or suffer costly outages when breached.
A cyber attack can impact retail businesses in several critical ways: supply chain interruptions, loss of customer data, reputational damage, legal action, and direct financial loss from fraud or ransom payments. The recent attack on Marks & Spencer caused widespread stock issues, while Harrods now faces scrutiny over employee data handling. For any retail organisation, a breach can disrupt operations, reduce customer trust, and result in fines under regulations such as UK GDPR.
To defend against supply chain attacks, businesses should conduct regular audits of their vendors, enforce strict access controls, and ensure third-party contracts include robust cyber security clauses. Implementing continuous monitoring of supplier access and adopting a zero-trust security model can reduce the risk of unauthorised lateral movement across systems. It’s also essential to maintain updated asset inventories, so organisations know exactly who has access to their data and infrastructure.
Zero-trust security is a framework that assumes no user or device is trusted by default, even if they are inside the network perimeter. For retailers, this model is crucial because it prevents attackers from moving freely once they gain access through compromised credentials or devices. With the rise of remote work, third-party partnerships and cloud platforms, zero-trust helps reduce the attack surface and adds multiple verification layers before access is granted to sensitive systems or data.