
M&S, Co-op & Harrods cyber-attacks — key cybersecurity lessons for retailers

Author: Eleanore Beard

Image credit: salarko, stock.adobe.com

Updated 4 June 2025

Three major retailers — Marks & Spencer (M&S), Co-op and Harrods — were subjected to major cyber-attacks in the past week as part of apparent blackmail schemes, with the hackers themselves warning that further attacks on UK retailers are in the works.

As of 4 June 2025, M&S is still working to restore some of its services. It expects that disruption to its online business will continue until July and has estimated that the lost profits from the incident will be in the region of £300m. 

Such attacks highlight the importance of having solid cybersecurity measures in place as well as transparent communications with customers in the aftermath of an attack.

Here, cybersecurity and data protection expert Eleanore Beard delves further into these attacks and outlines five key steps to take in any cyber-attack preparedness and response plan.

 

Operational chaos & data security concerns

Knowledge of the cyber-attack on M&S surfaced over the Easter weekend, when customers began reporting issues with ‘click & collect’ and contactless payment options. 

In response, M&S suspended online orders. However, it has been reported that the incident has affected other parts of its operations, such as stock management and bulk orders. M&S has also confirmed that there was a loss of personal data, including names, dates of birth, contact details, household details and order history.

Additionally, the cyber-attack has impacted its recruitment platform — forcing M&S to pull all vacancy adverts and preventing candidates from applying for jobs. 

It has also been reported that the Co-op and Harrods shut down parts of their IT systems in response to hackers attempting to gain access.

All this has led to financial losses, operational chaos and concerns over data security for the targeted retailers.

The attack on M&S is believed to be the work of ransomware group DragonForce, a cybercriminal syndicate that operates ransomware which is then used to carry out attacks and extortions. 

DragonForce may be linked to the infamous hacking group Scattered Spider, which is said to be behind over 100 targeted attacks since 2022 including on casino operator Caesars Entertainment, which paid a £11.2m ransom to restore its network.

 

Cyber-attack responses

These incidents highlight the growing threat of cyber‑attacks and underline the need to regularly reassess security measures and ensure that you can implement effective response strategies.

Any internet‑connected service carries the risk of a serious breach or security incident. Even with strong cybersecurity expertise in place, cybercrime remains a significant concern — and the way an organisation responds to an attack is critical. Delays in addressing an incident only increase the potential impact.

Strengthening your resilience starts with understanding the key steps every organisation should take to prepare for and respond to modern cyber‑attacks.

 

The British Library

While the M&S attack has revealed significant deficiencies in its cybersecurity measures and the whereabouts of its data, it's helpful to consider how others have managed similar crises. 

One notable example is the British Library. Following a catastrophic ransomware cyber-attack in October 2023, the way it dealt with affected data subjects received widespread praise.

Despite the attack leading to the theft of 600GB of internal data and significantly disrupting its operations, the British Library issued regular, comprehensive updates about its recovery status and published a detailed cyber incident review that outlined its IT weaknesses and lessons learned, which helped to build back trust with its data subjects. 

The ICO commended the British Library for its transparency and its commitment to improving security measures.

However, it’s sobering to note that despite these commendations, the British Library’s IT systems have still not been fully restored more than 18 months later.

 

Talk to us 

By adhering to ICO guidelines and maintaining transparency, organisations can address the complexities of cyber-attacks while preserving trust and integrity.

Our specialist cybersecurity lawyers advise on the full life cycle of incidents — from building resilience by developing proactive governance and risk management measures to assisting with incident response management and disclosure to the NCSC and ICO. 

For businesses looking to navigate the complexities of cybersecurity, legal guidance is essential. We’re uniquely positioned to help organisations transform challenges into opportunities while ensuring compliance. 

Talk to us by giving us a call on 0333 004 4488, sending us an email at hello@brabners.com or completing our contact form below.

Eleanore Beard

Eleanore is a Legal Director and Data Protection Practitioner in our commercial team.
