Opinion: The Onslaught of Cyber Attacks on UK Retail Should Be a Wakeup Call for Us All

What on earth is going on?
In the past few weeks, several prominent UK retailers have fallen victim to cyberattacks:
- Marks & Spencer (M&S): Suffered a ransomware attack attributed to the hacking group Scattered Spider, disrupting online sales and affecting in-store services.
- Co-op Group: Faced an attempted breach leading to the shutdown of certain IT systems, impacting back-office operations.
- Harrods: Experienced unauthorised access attempts, prompting restricted internet access to safeguard operations.
Why retail and why now?
The retail industry’s vast customer databases and reliance on public-facing digital platforms make it an attractive target for cybercriminals.
Retailers are particularly vulnerable because they hold customer payment information and personal details, use third-party systems that expose them to a larger attack surface, and have very complex setups with multiple attack points, such as payments, distribution, logistics, online and in-store systems.
Why this is happening now is hard to say, but it might point to a previously discovered zero-day exploit that is now being put to work.
Are they all connected?
Short answer: Yes, probably. The hacking group believed to be behind the hacks has been in contact with the BBC and claims to be the culprit for each of the retail attacks.
Long answer: Hacking groups often desire notoriety; it’s part of the reason that some get into hacking in the first place – being behind all of these high-profile attacks would garner huge levels of fame in the underground world of hacking.
If we look at this factually, rather than taking one group’s word for it, it would still indicate one entity was behind these attacks, for the following reasons:
- Timing: All three incidents occurred within a short timeframe.
- Target Sector: Each attack targeted major UK retail businesses, focusing on companies with extensive customer bases and significant online operations.
- Attack Methods: The attackers would need to employ sophisticated techniques to target such large organisations.
It’s not a matter of IF, BUT WHEN your organisation will become a target. Act now.
At Trustco Plc, we’ve been saying this for a while now: cyber security is no longer just an IT problem; it’s a business-critical risk that top-level executives need to take accountability for.
If huge retailers with world-class resources are getting hit, what does that mean for everyone else? It’s not just about throwing money at tech – it’s about striking the right balance between investment, the right tools, and the people to manage them.
Protection comes from good strategy, not just spend. Every organisation – big or small – needs a clear plan, trusted partners, and the resilience to respond before disaster strikes.
But don’t just take my word for it. This is taken directly from the response from the National Cyber Security Centre (NCSC):
“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”
- NCSC CEO Dr Richard Horne
What are the best steps you could take today to defend against these specific types of cyber-attacks?
- Run a Social Engineering Simulation (Phishing Test)
- Enforce Multi-Factor Authentication (MFA/2FA) on All Accounts
- Audit Third-Party Vendors and Access Rights
Not sure where to start with these? Then contact me today for a cyber security chat. Trustco Plc work with the best and brightest cyber security companies and create bespoke plans to suit your requirements.