
The Retail Crisis: M&S, Co-op, and Harrods Under Siege

Written by Aaron Flack | May 12, 2025

What Has Happened So Far

In April 2025, three of the UK's most prominent retailers—Marks & Spencer (M&S), the Co-operative Group (Co-op), and Harrods—fell victim to coordinated cyber attacks. These breaches exploited vulnerabilities in IT help desk protocols: attackers impersonated employees and requested password resets, thereby gaining unauthorised access to internal systems.

  • Marks & Spencer: The attack led to the suspension of online orders and disrupted contactless payments. The company's market value plummeted by over £700 million, with estimated weekly losses of £40 million due to the halted online sales.
  • Co-op: Hackers accessed personal data, including names and contact details, of many current and former members. The breach forced the temporary shutdown of parts of its IT systems, affecting deliveries and emptying store shelves in some regions.
  • Harrods: The luxury department store confirmed unauthorised access to its systems, prompting the company to restrict access to certain platforms as a precautionary measure.

Current Situation

Investigations have linked these attacks to cyber criminal groups such as Scattered Spider and DragonForce. These groups employ social engineering tactics, including SIM-swapping and phishing, to infiltrate corporate networks.

The National Cyber Security Centre (NCSC) has warned organisations about the increasing sophistication of such attacks and the importance of reviewing and strengthening cyber security measures.

Business Fallout

The repercussions of these cyber attacks are extensive:

  • Financial Losses: M&S faces ongoing losses estimated at £15 million per week due to disrupted operations.
  • Operational Disruption: Co-op experienced significant disruptions in up to 200 stores, with issues in contactless payments and product shortages due to IT system shutdowns.
  • Reputational Damage: These incidents have eroded customer trust, with concerns over data privacy and the reliability of services.

Insurance Implications

The surge in cyber attacks has led to a reevaluation of cyber insurance policies:

  • Premium Increases: UK retailers are facing cyber insurance premium hikes of up to 10%, as insurers reassess the risks associated with the retail sector.
  • Coverage Scrutiny: Insurers are intensifying scrutiny of companies' cyber security measures before issuing policies, with some considering withdrawing coverage from high-risk companies.

Recommendations to Mitigate Cyber Risks

To protect your organisation from similar cyber threats, consider implementing the following measures:

  1. Customer Security Awareness (CSA): Regularly train staff to recognise and respond to phishing attempts and social engineering tactics.
  2. Self-Service Password Reset Solutions: Implement systems that allow employees to securely reset their passwords without IT intervention, reducing the risk of impersonation attacks.
  3. Multi-Factor Authentication (MFA): Adopt application-based MFA methods to add an extra layer of security beyond traditional passwords.
  4. Password Managers: Encourage the use of password managers to generate and store complex passwords, minimising the risk of credential theft.
  5. USB Port Control: Use technical controls to turn off USB ports on devices, preventing unauthorised data transfers.
  6. Application Control: Establish protocols for installing new applications, ensuring only approved software is used within the organisation.
  7. Threat and Vulnerability Management (TVM): Regularly update and patch systems to protect against known vulnerabilities.
  8. Microsoft Defender for Identity: Utilise behaviour analytics tools to detect and respond to suspicious activities within your network.
  9. Secure Access to SaaS Solutions: Implement Single Sign-On (SSO) or Virtual Private Networks (VPNs) to control access to cloud-based services.
  10. Email Gateway Security: Deploy solutions like Mimecast to filter and block malicious emails before they reach end users.
  11. Conditional Access Policies: Restrict access to sensitive data based on device compliance and user location.
  12. Managed Security Operations Centre (SOC): Engage a SOC to monitor, detect, and respond to security incidents in real time.
  13. Cyber Essentials Certification: Obtain certification to demonstrate your organisation's commitment to cyber security best practices.

Implementing these measures can significantly enhance your organisation's resilience against cyber threats.
