top of page
Search

The Surge of Cyber Crime in the UK and Ireland: Harrods, Co-op, and Marks & Spencer Attacks


Recent cyber attacks on Harrods, Co-op, and Marks & Spencer highlight rising cybercrime risks in the UK and Ireland. Learn how these breaches happened and key steps businesses can take to stay protected.


In spring 2025, the UK and Ireland’s retail sector faced an unprecedented wave of cyber crime, with high-profile attacks disrupting operations at Harrods, Co-op, and Marks & Spencer (M&S). These incidents underscore the growing threat posed by sophisticated cybercriminal groups and highlight the urgent need for robust cyber security across all industries.


What Happened? A Timeline of Recent Attacks

Marks & Spencer - M&S:

  • The attack on M&S began quietly, with hackers believed to have infiltrated systems as early as February 2025. Customers first noticed issues over the Easter weekend, when contactless payments failed and online orders were suspended.

  • By late April, M&S had pulled its website and app offline, halting online orders, returns, and tracking. The attack, attributed to the notorious "Scattered Spider" group, involved the deployment of DragonForce ransomware, which encrypted key systems and forced the retailer to revert to manual stock management.

  • The financial impact has been severe: M&S projects a loss of £300 million in operating profit, with ongoing disruptions expected to last into July. The company’s market value has dropped by over £1 billion, and customer data may have been compromised.


Co-op:

  • Around the same time, Co-op convenience stores across the UK experienced significant supply chain disruptions due to a cyber attack. Shops reported empty shelves and reduced deliveries, with some branches receiving only two-thirds of their usual stock.

  • Co-op confirmed it had to bring internal systems back online to restart ordering and supply chain processes. The attack also led to data theft, with customer information at risk, and issues with card payments.

  • The attack is believed to be linked to the same group that targeted M&S, with similar tactics involving ransomware and social engineering.


Harrods:

  • Harrods, the luxury department store, also reported attempted cyber intrusions during this period. While the impact was less severe than at M&S or Co-op, the incident prompted Harrods to restrict internet access at its stores as a precautionary measure.

  • Harrods’ response highlights the growing vigilance among retailers, but also the reality that even well-resourced brands are not immune to cyber threats.


How Did These Attacks Happen?

Security experts believe the "Scattered Spider" group orchestrated these attacks using a combination of technical exploits and social engineering:

  • Ransomware Deployment: Attackers used ransomware to encrypt critical systems, crippling online services and internal operations.

  • Social Engineering: Hackers tricked IT help desk staff through tactics like SIM-swapping and phishing, gaining access to sensitive credentials and internal networks.

  • Supply Chain Vulnerabilities: In M&S’s case, attackers exploited weaknesses in third-party supplier systems to gain a foothold, then moved laterally to extract password hashes and escalate their access.


The Impact: Financial Losses and Operational Disruption

  • M&S: £300 million in lost profits, over £1 billion wiped from market capitalisation, and ongoing disruption to online and in-store operations.

  • Co-op: Widespread supply chain issues, empty shelves, and compromised customer data.

  • Harrods: Preventative IT restrictions and heightened security posture.


These incidents have not only led to financial losses but also damaged customer trust and forced retailers to rethink their cyber security strategies.


Lessons for All Businesses

The coordinated nature of these attacks demonstrates that no organisation is too large or too small to be targeted. Attackers are increasingly exploiting both technical vulnerabilities and human error, often through third-party suppliers or social engineering. The retail sector, with its complex supply chains and reliance on digital systems, is particularly vulnerable but the lessons apply to every industry.


Advice from System Bypass:

  • Regularly update and patch systems to close known vulnerabilities.

  • Train staff to recognise and report phishing and social engineering attempts.

  • Secure supply chain partners and assess third-party risks.

  • Prepare and test incident response plans to minimize downtime and data loss.

The recent cyber attacks on Harrods, Co-op, and Marks & Spencer are a wake-up call for businesses across the UK and Ireland. As cybercriminals grow more sophisticated, proactive security measures and a culture of vigilance are essential to protect operations, data, and reputation.


For expert guidance on cyber security best practices and to discover how a dedicated security testing provider can safeguard your business, reach out to our team today.


 
 

Recent Posts

See All
bottom of page