The wave of recent ransomware and identity-based attacks on retail giants, including Marks & Spencer, Co-op and Harrods, has sent shockwaves through the business community. Orchestrated by the sophisticated threat group Scattered Spider alongside the ransomware-as-a-service outfit DragonForce, these coordinated attacks caused millions in losses and weeks of disruption.
| Company | Date | Type of Attack | Impact |
|---|---|---|---|
| Marks & Spencer | April 2025 | Identity-based breach via third-party (TCS); ransomware (DragonForce) | • Online shopping paused for 30+ days • Estimated £30M loss • Customer data (including personal details) compromised |
| Co-op | May 2025 | Similar attack vector as M&S; identity compromise; ransomware | • Logistics systems disrupted • Hackers claimed to have the private information of 20 million customers (source: BBC) |
| Harrods | May 2025 | Attempted intrusion via social engineering (no full breach confirmed) | • Proactive network quarantine • No confirmed data loss • Threat neutralised pre-breach |
| Dior | May 2025 | Unauthorised database access | • Impacted Dior’s fashion accessories customers • Exposed names, gender, phone, email, postal addresses, purchase history/preferences • Incident mainly in China & South Korea |
| Adidas | May 2025 | Third-party customer service provider breach | • Contact information accessed; no passwords or card data compromised |
| The North Face | April 2025 | Credential-stuffing attack | • Names, email, shipping address, purchase history, birth date & phone (if stored) accessed • No financial data |
| Cartier | June 2025 | Unauthorised temporary system access | • Names, emails, country of residence, shipping/purchase info exposed • No financial data |
These incidents, driven by identity-based breaches and ransomware, disrupted operations, exposed millions of customer records and caused substantial financial losses. Crucially, they underscore the urgent need for proactive security measures, especially around third-party access, identity protection and incident response preparedness.
While these incidents targeted the retail sector, they serve as a crucial wake-up call for every organisation, regardless of its industry.
Attendees of our Retail Attacks, Business Lessons: 5 Critical Actions All Businesses Must Take to Strengthen Security Webinar were asked:
“What surprised you most about the recent wave of attacks?”
Most answered: “The scale and coordination across all brands.”
While phishing and isolated breaches are expected, many were unprepared for how synchronised these attacks were. This marks a strategic shift: attackers are collaborating. Defenders must do the same. Shared intelligence and unified defences are now business-critical.
These attacks did not exploit firewalls or software flaws alone—they capitalised on the following:
In fact, during our recent Retail Attacks, Business Lessons: 5 Critical Actions All Businesses Must Take to Strengthen Security webinar, we asked attendees:
“What’s the biggest cyber security challenge your organisation is facing today?”
The majority responded:
Training staff to avoid social engineering.
This concern is well-founded. The most surprising revelation for many wasn’t just the attack itself—but the scale and level of coordination across multiple brands. These were not opportunistic hacks—they were orchestrated campaigns.
Attackers are increasingly bypassing technical controls by targeting people, using tactics like phishing, MFA fatigue and impersonation.
But training alone isn’t enough.
Cyber security must be driven from the top down. Senior leaders need to champion cyber awareness as a core business priority—not just an IT issue. When leadership visibly reinforces the importance of security hygiene, employees are far more likely to take it seriously. Building a resilient organisation requires both informed staff and active engagement from executives who understand the risks and model best practices.
Security hygiene refers to the routine practices and behaviours individuals and organisations adopt to maintain strong cyber security health and reduce risk. Just as personal hygiene prevents illness, good security hygiene helps prevent breaches, data loss and system compromise.
Many of today’s cyberattacks, including those targeting M&S, Co-op and Harrods, began not with a system flaw, but a human vulnerability: a leaked password, a clicked phishing link, or a compromised contractor. That’s why improving security hygiene is everyone’s responsibility, not just IT’s.
But hygiene doesn’t happen in isolation. It must be championed by leadership and embedded into company culture. When senior stakeholders reinforce its importance—by talking about it, modelling good practices and investing in training—employees are more likely to take it seriously.
In short, good security hygiene is the foundation of cyber resilience. Without it, even the most advanced tools can fail.
When asked where they were prioritising future investment, attendees overwhelmingly pointed to:
This reinforces the message: technical controls alone are not enough!
While tools like MFA and endpoint detection are essential, human behaviour remains the most exploited weakness. That’s why organisations are investing in practical, people-focused defences—not just awareness campaigns, but realistic, scenario-based learning.
One of the most effective methods? Tabletop exercises!
These structured simulations allow cross-functional teams—from IT to HR to legal—to rehearse a coordinated response to a cyberattack in a low-risk, high-learning environment. It’s not just about knowing what to do—it’s about practising it, identifying gaps and building confidence across the organisation.
Pairing phishing simulations with tabletop exercises ensures that both individual users and leadership teams are prepared to recognise, respond to and recover from real-world threats.
To move from awareness to action, organisations need a clear, practical roadmap for strengthening their cyber defences. Whether you're in retail, finance, healthcare or beyond, the fundamentals remain the same. Below are five critical security actions every business must implement to build real resilience—before the next attack strikes.
To build real cyber resilience, businesses must go beyond firewalls and antivirus software. It requires a layered approach—blending identity security, data protection, detection, human awareness and tested incident response.
With identity-based attacks now the most common entry point, securing user access is non-negotiable.
Your data is what attackers want—protect it as if your business depends on it (because it does).
Cybercriminals don’t clock off at 5PM—and neither can your defences.
As highlighted in our webinar survey, social engineering remains the #1 concern for most organisations. It’s time to strengthen the human firewall.
An untested Incident Response (IR) plan is no better than no plan at all.
You cannot prevent every breach—but you can detect, contain, and recover faster than the attackers expect. The key is proactive investment in people, processes and platforms.
Because the worst time to start securing your business… is after it’s already been breached.
Stay ahead of the curve!