Trending

ee-track">
Link copied!

Cyberattacks Hit Leading UK Retailers as NCSC Urges Stronger Defences

Multiple cyberattacks have recently struck some of the UK’s most iconic retailers, prompting concern from industry leaders and cybersecurity authorities. Among the affected organizations are Harrods, Marks & Spencer, and the Co-op, all of which…

May 5, 2025 · 4 min read
Cyberattacks Hit Leading UK Retailers as NCSC Urges Stronger Defences

Multiple cyberattacks have recently struck some of the UK’s most iconic retailers, prompting concern from industry leaders and cybersecurity authorities. Among the affected organizations are Harrods, Marks & Spencer, and the Co-op, all of which have confirmed incidents targeting their digital infrastructure in late April and early May 2025. The UK’s National Cyber Security Centre (NCSC) is currently working alongside these retailers to investigate the attacks and mitigate potential damage.

In an official statement, NCSC CEO Dr Richard Horne addressed the situation, saying:

“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers, and the public.

The NCSC continues to work closely with organizations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

These incidents should act as a wake-up call to all organizations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

Harrods Cyberattack Prompts Emergency Response

Harrods, the world-renowned luxury department store, confirmed that it had recently faced an attempted breach of its IT systems. The Harrods cyberattack occurred in late April and led the retailer to restrict internet access at some sites as a precaution. However, the company assured customers that its physical stores—including the flagship Knightsbridge store, H Beauty outlets, and airport branches—remained fully operational. Online shopping at harrods.com also continued without disruption.

report-ad-banner

In a statement, Harrods noted:

“We recently experienced attempts to gain unauthorized access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today. Currently, all sites… remain open to welcome customers.”

The retailer has not disclosed whether customer data was compromised, but pledged to provide updates as the investigation progresses.

Marks & Spencer Cyberattack Tied to Ransomware Group

Around the same period, Marks & Spencer experienced its cybersecurity breach, reportedly linked to the hacking collective Scattered Spider. The attack involved the DragonForce ransomware, which disrupted M&S’s online operations. Online orders were suspended temporarily, and customers faced stock shortages in several physical stores.

An official company update issued on 25 April 2025 acknowledged the cyber incident, stating:

“We have made the decision to pause taking orders via our M&S.com websites and apps. Our product range remains available to browse online. Our experienced team—supported by leading cyber experts—is working extremely hard to restart online and app shopping.”

image 4
Official Communication from M&S on Cyber Incident

Sources close to the investigation estimate that Marks & Spencer could face millions in revenue losses due to the breach. Although no customer action was required at the time, the company promised ongoing communication as new information became available.

Co-op Confirms Data Extraction in Cyberattack

The most recent case involves the Co-op, which issued an update on 2nd May 2025, confirming that hackers had successfully accessed and extracted data from one of its systems. While financial details were not compromised, the breach exposed the names and contact information of a large number of current and former members.

A Co-op spokesperson emphasized the complexity of the situation, stating, “We are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA.”

The Co-op has since implemented enhanced security protocols and apologized to members, expressing regret over the exposure of personal data.

Conclusion

With three major UK retailers affected in quick succession, the NCSC has stepped up efforts to coordinate national cybersecurity defenses. It is urging all organizations, not just those in retail, to assess their cyber resilience and adopt best practices for prevention and recovery.

The incidents affecting Harrods, Marks & Spencer, and the Co-op are being seen as part of a larger trend of cyberattacks targeting high-profile organizations. As investigations continue, the NCSC remains central to coordinating the response and preventing further escalation.

References

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams