Multiple cyberattacks have recently struck some of the UK’s most iconic retailers, prompting concern from industry leaders and cybersecurity authorities. Among the affected organizations are Harrods, Marks & Spencer, and the Co-op, all of which have confirmed incidents targeting their digital infrastructure in late April and early May 2025. The UK’s National Cyber Security Centre (NCSC) is currently working alongside these retailers to investigate the attacks and mitigate potential damage.

In an official statement, NCSC CEO Dr Richard Horne addressed the situation, saying:

“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers, and the public.

The NCSC continues to work closely with organizations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

These incidents should act as a wake-up call to all organizations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

Harrods Cyberattack Prompts Emergency Response

Harrods, the world-renowned luxury department store, confirmed that it had recently faced an attempted breach of its IT systems. The Harrods cyberattack occurred in late April and led the retailer to restrict internet access at some sites as a precaution. However, the company assured customers that its physical stores—including the flagship Knightsbridge store, H Beauty outlets, and airport branches—remained fully operational. Online shopping at harrods.com also continued without disruption.

In a statement, Harrods noted:

“We recently experienced attempts to gain unauthorized access to some of our systems. Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today. Currently, all sites… remain open to welcome customers.”

The retailer has not disclosed whether customer data was compromised, but pledged to provide updates as the investigation progresses.

Marks & Spencer Cyberattack Tied to Ransomware Group

Around the same period, Marks & Spencer experienced its cybersecurity breach, reportedly linked to the hacking collective Scattered Spider. The attack involved the DragonForce ransomware, which disrupted M&S’s online operations. Online orders were suspended temporarily, and customers faced stock shortages in several physical stores.

An official company update issued on 25 April 2025 acknowledged the cyber incident, stating:

“We have made the decision to pause taking orders via our M&S.com websites and apps. Our product range remains available to browse online. Our experienced team—supported by leading cyber experts—is working extremely hard to restart online and app shopping.”

Sources close to the investigation estimate that Marks & Spencer could face millions in revenue losses due to the breach. Although no customer action was required at the time, the company promised ongoing communication as new information became available.

Co-op Confirms Data Extraction in Cyberattack

The most recent case involves the Co-op, which issued an update on 2nd May 2025, confirming that hackers had successfully accessed and extracted data from one of its systems. While financial details were not compromised, the breach exposed the names and contact information of a large number of current and former members.

A Co-op spokesperson emphasized the complexity of the situation, stating, “We are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA.”

The Co-op has since implemented enhanced security protocols and apologized to members, expressing regret over the exposure of personal data.

Conclusion

With three major UK retailers affected in quick succession, the NCSC has stepped up efforts to coordinate national cybersecurity defenses. It is urging all organizations, not just those in retail, to assess their cyber resilience and adopt best practices for prevention and recovery.

The incidents affecting Harrods, Marks & Spencer, and the Co-op are being seen as part of a larger trend of cyberattacks targeting high-profile organizations. As investigations continue, the NCSC remains central to coordinating the response and preventing further escalation.

References

• https://www.ncsc.gov.uk/news/retailers-incident
• https://corporate.marksandspencer.com/media/press-releases/cyber-incident-further-update-0
• https://www.co-operative.coop/media/news-releases/cyber-incident-update

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.