UK Retailers Under Cyber Attack: Co-op Member Data Compromised

The UK retail sector has been hit by a series of cyber attacks in recent weeks, with several high-profile retailers, including Marks & Spencer, Harrods, and the Co-op, falling victim. While it is unclear whether these attacks are linked, experts warn that the affected businesses must take immediate action to mitigate the damage.

The Marks & Spencer Incident

The latest cyber attack to hit a UK retailer was reported by Marks & Spencer on April 22, 2025. The company confirmed that it had been forced into defense mode following a "cyber incident," which led to the temporary suspension of online orders and the emptying of shelves in its physical stores. However, it is still unclear whether customer or company data has been compromised.

The Harrods Incident

Harrods Group, which operates the famous luxury London department store Harrods, recently confirmed that it had been targeted by a cyber attack. The company stated that it had taken immediate steps to protect its systems and keep them safe. Unlike Marks & Spencer, Harrods is keeping its online shop running.

The Co-op Incident

The Co-op, a British consumer co-operative that runs a grocery retail business, confirmed last week that it had also been hit by a cyber attack. According to reports, the attackers infiltrated the Co-op's IT networks and systems several days before the official confirmation and stole private information of millions of its members, customers, and employees. However, the Co-op CEO Shirine Khoury-Haq has confirmed that only limited member data was accessed, including name, date of birth, and contact details.

The Attackers' Tactics

Experts warn that the attackers are using social-engineering tactics to gain initial access to a company's network. They will often pose as company IT or helpdesk staff to trick employees into divulging account credentials or OTP codes. Once inside, the attackers will use various techniques, including MFA bombing and SIM swapping, to obtain further access.

The Response from Experts

Cybersecurity researcher Kevin Beaumont has criticized the Co-op for downplaying the severity of the attack and not informing affected staff and members promptly or fully. He also pointed out that the attackers may be part of the English-speaking Scattered Spider collective, but are using tactics popularized by them.

Advice from the NCSC

The UK National Cyber Security Centre (NCSC) is working with the affected retailers to understand the nature of the attacks and minimize the harm done by them. Jonathon Ellison, NCSC's National Resilience Director, and Ollie Whitehouse, the Centre's CTO, warned that while they have insights into the attacks, it is unclear whether they are linked or not.

Prevention is Key

Experts emphasize that good defenses to keep out bad actors are essential, but organizations must also be able to detect threat actors when they use employees' legitimate access and be prepared to contain the attackers and recover from the attack. The NCSC advises defenders to review previous reports on Lapsus$ and Scattered Spider to learn how to fend off these types of attacks.
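As an added illustration (not from the article or the NCSC), the sketch below shows one way to detect the MFA bombing pattern mentioned under the attackers' tactics: a burst of denied or unanswered push prompts for one account, followed by an approval. The log format, field names, window and threshold are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in an assumed "timestamp user result" format.
SAMPLE_LOG = """\
2025-05-01T09:00:00 alice denied
2025-05-01T09:00:40 alice denied
2025-05-01T09:01:10 alice timeout
2025-05-01T09:01:50 alice denied
2025-05-01T09:02:30 alice denied
2025-05-01T09:03:05 alice approved
2025-05-01T09:10:00 bob denied
2025-05-01T09:45:00 bob approved
2025-05-01T10:00:00 carol approved
"""

WINDOW = timedelta(minutes=10)  # assumed tuning value
THRESHOLD = 4                   # failed prompts inside WINDOW (assumed)

def parse(log_text):
    """Yield (timestamp, user, result) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, user, result = parts
        yield datetime.fromisoformat(ts), user, result

def detect_push_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, timestamp, kind) alerts for prompt bursts per user."""
    recent = defaultdict(deque)  # user -> timestamps of recent failed prompts
    alerts = []
    for ts, user, result in sorted(parse(log_text)):
        fails = recent[user]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop prompts that fell out of the window
        if result in ("denied", "timeout"):
            fails.append(ts)
            if len(fails) == threshold:
                alerts.append((user, ts, "prompt_burst"))
        elif result == "approved":
            # An approval right after a burst suggests the user gave in.
            if len(fails) >= threshold:
                alerts.append((user, ts, "approved_after_burst"))
            fails.clear()
    return alerts
```

An `approved_after_burst` alert is the higher-priority signal, since it marks the point where the account's legitimate access may have passed to someone else.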

The Link Between Attacks

While it is unclear whether the attacks are linked, cybersecurity researcher Kevin Beaumont has stated that he believes they are connected. He also warned that the attackers' PR team claims more attacks are to come, and that organizations must be prepared for this possibility.

Conclusion

The recent cyber attacks on Marks & Spencer, Harrods, and the Co-op have highlighted the importance of cybersecurity in the UK retail sector. While it is unclear whether these attacks are linked, experts warn that affected businesses must take immediate action to mitigate the damage. By understanding the tactics used by attackers and taking proactive measures to prevent similar attacks, organizations can minimize the harm done by these malicious activities.