Retailers Under Siege: Boost your Cyber Defences Now!

Posted on 8 May 20258 May 2025

You will no doubt have seen that over the past couple of weeks, some of the UK’s most notable retailers have been hit by major cyberattacks.

Marks & Spencer, Co-Op and Harrods were all targeted and suffered from a loss of business as a result.

What happened in the attacks?

Marks & Spencer – Marks & Spencer experienced a ransomware attack over the Easter weekend, which disrupted online orders, payments, and recruitment processes. The attack forced M&S to suspend all online orders and, at the time of writing, online orders are still paused. The company is still working to recover from the incident, which has caused considerable operational disruption.

Co-Op

The Co-Op was also targeted in a similar attack, where hackers tricked their IT helpdesk workers into resetting passwords, granting them access to the company’s systems. This social engineering tactic allowed the attackers to breach the network and steal members’ details and had an impact on stock deliveries. The Co-Op has since shut down parts of its IT systems to mitigate the damage and prevent further breaches.

Harrods

Harrods confirmed that it had experienced attempts to gain unauthorised access to its systems. While the luxury retailer has managed to keep its operations running, the incident underscores the growing cybersecurity threats facing the retail sector.

What can we do to help stay secure?

Given these incidents, it’s crucial for customers to review/enhance their cybersecurity practices. Here are some of our recommendations:

Use strong, unique passwords: ensure your passwords are complex and different for each account. Consider using a password manager too. If you have accounts with any of the retailers affected, be sure to change those too!
Enable Multifactor Authentication (MFA): to add an extra layer of security to your accounts if you don’t already have it.
Be wary of phishing attempts: avoid clicking on suspicious links or providing personal information to unverified sources. Other hacking groups will try to capitalise on these attacks by trying to impersonate the retailers who have been affected.
Keep devices up-to-date: regularly update your devices and applications to protect against vulnerabilities.
Have business continuity / disaster recovery plans in place: these plans are not just for if your offices suffer from a fire or get flooded, it also includes cyberattacks. It has been rumoured that Marks & Spencer in particular did not have a business continuity plan in place for a cyberattack.
Make sure you have good recent backups: in an ideal world you should backup daily, which would give you the quickest recovery time as the data is only one day old. However, ensuring you do backups on a regular basis is more critical than their frequency.
Consider Endpoint Detection and Response (EDR) if you don’t already have it: this will check for software that may have been planted or left behind months ago to lay in wait to attack the network.
Monitor Account Activity: Regularly check your accounts for any unauthorised transactions or any login attempts.

Conclusion

These attacks are a wake-up call to all of us. The measures above are the minimum we should be doing in our work and personal lives to keep our devices and details safe.

Posted in NewsTagged Business Continuity, cybercrime, Cybersecurity, Disaster Recovery, MFA, multi-factor, Multi-Factor Authentication, multifactor authentication, Passwords, updates

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.