Posted by on | Featured | No Comments

What the M&S, Co-op and Harrods Cyber Attacks Reveal About Modern Threats

Retail Under Siege from Cyber Attacks

Recently, a wave of cyber-attacks has struck some of the UK’s most well-known retailers: Marks & Spencer, the Co-op, and Harrods. These incidents have disrupted services, forced systems offline, and cost millions in lost revenue. They are not just unfortunate timing. They are a wake-up call for not just the retail industry, but for every organisation across the UK.

The message is clear, if the “big guys” can fall victim, anyone can.

A Timeline of Disruption

Easter Weekend (29–31 March 2025)

Marks & Spencer was the first to experience a major disruption. Over the bank holiday weekend, the retailer suffered a ransomware attack reportedly carried out by the group DragonForce. The incident forced M&S to take its website and apps offline, halting Click & Collect services and disrupting contactless payments and loyalty programmes.

With online sales accounting for approximately £3.8 million per day in its clothing and home division, the financial impact was immediate and substantial. M&S later confirmed that customer data had been stolen, although it clarified that the compromised information did not include passwords or payment details. [Source: BBC]

Wednesday 7 May 2025

The Co-op revealed that it had taken parts of its IT infrastructure offline in response to suspicious activity, as a precaution against a potential cyber attack. Staff were instructed to keep cameras on during remote meetings and to verify all attendees, a signal that the company feared a deeper network compromise. The full nature and scope of the attack have not been publicly confirmed. [Source: BBC News]

Thursday 8 May 2025

Harrods became the third major retailer to confirm an incident. The company reported attempted unauthorised access to its systems. In response, its IT team restricted internet access at its stores as a protective measure. While its flagship Knightsbridge location and online store remained open and functional, the company has not disclosed further technical details or the extent of the attempted breach. [Source: BBC]

Ongoing Disruption

Cyber attacks are often widely disruptive. Customers at M&S have been unable to shop online for over a month, and reports indicate that disruption could last until July. The disruption of this cyber attack is estimated to cost M&S over £300 million. [Source: BBC]

Why are Retailers Targets for Cyber Criminals?

Retail businesses, especially large chains, have become increasingly attractive to cyber criminals.

• They manage large volumes of customer data, including payment information, delivery details and login credentials.

• Their operations are deeply digital, from logistics and inventory management to payment systems and loyalty apps.

• Any downtime causes immediate and visible disruption, creating pressure to resolve incidents quickly, sometimes under ransom demands.

We Simulated a Breach and It Took Minutes

At the recent Manchester Digital E-Commerce Conference, we conducted a live hack on a demo online store to show how quickly a compromise can occur.

Within minutes, our team exposed:

• A misconfigured ecommerce website that was vulnerable to exploitation

• How an SQL Injection could steal usernames and encrypted passwords

• How easily we decrypted the passwords due to weak passwords and poor encryption algorithm.

• Weak login process with no 2FA which enabled us to access all details on the account – including address and payment information.

Most successful attacks do not rely on sophisticated exploits and threat actors will almost always for the path of least resistance to establish a foothold. They rely on simple oversights, poor digital hygiene or human error.

Even today, the number one, most prevalent vulnerability facing applications globally are broken access controls according to the Open Worldwide Application Security Project (OWASP) [source: OWASP Top Ten]

Cyber Security Essentials for Websites and Applications

With e-commerce thriving as a cornerstone of retail, securing websites and applications has never been more critical. Cyber criminals target vulnerabilities in commercial platforms and websites to exploit sensitive customer data and disrupt operations.

This blog explores the cyber threats and implications facing online retail and e-commerce, as well as explaining best practices and frameworks like OWASP, and secure development methodologies, to help organisations stay secure online.

Read Blog

How Can Organisations Protect Themselves Against Cyber Attacks?

While the recent attacks are concerning, they highlight areas where many organisations can make meaningful improvements. Addressing cyber risk doesn’t require a drastic overhaul or reacting with panic.

Instead, it begins with a focused review of your current cyber security posture. You should review the technologies you use, your internal processes, and your existing policies. The priority should be to identify gaps, understand where your most critical assets lie, and take measured, practical steps to reduce risk.

Some of the key steps you should consider are:

• Use Multi-Factor Authentication (MFA) across all admin and critical access points

• Patch and update all systems regularly, especially third-party plugins and platforms. Utilising patch management software can make this process faster and easier.

• Use 24/7 log monitoring and alerting tools such as a Security Information and Events Management (SIEM) and Early Detection and Response (EDR) solutions across your applications and endpoints that can detect and record anomalous activity such as repeated attempted login failures in real time

• Conduct regular security audits, penetration tests, and code reviews

• Segment networks and use monitoring tools to detect abnormal behaviour early

• Train staff on phishing, social engineering, and access protocols

• Have an incident response plan in place and test it regularly

It’s Not “If” But “When”

The recent incidents at M&S, Co-op, and Harrods are not anomalies. They are signs of a threat landscape that is growing more aggressive and opportunistic. For any organisation operating online or relying on digital systems, the risk is very real.

At CyberLab, we help businesses strengthen their defences, uncover vulnerabilities before attackers do, and stay ahead of the threat curve.

Detect. Protect. Support.

Free Posture Assessment

Understand your security risks and how to fix them.

Take the first step to improving your cyber security posture, looking at ten key areas you and your organisation should focus on, backed by NCSC guidance.

Claim your free 30-minute guided posture assessment with a CyberLab expert.

Leave a Reply

You must be logged in to post a comment.