From Checkout to Shutdown, A Wake-Up Call for Retailers

With M&S, Co-op and Harrods all caught in the crosshairs of three huge cyber attacks this week, it’s easy to see how they have become part of a growing trend: high-profile, well-resourced companies falling victim to sophisticated cyber threats.

This isn’t just any Cyber Attack, it’s an M&S Cyber Attack

Now into the second week of a cyber attack that has hit one of the UK's oldest and biggest retailers, causing problems in store and shutting down its online operations, Marks and Spencer continues to battle the problems, with no sign of them letting up.

It began over Easter weekend, disrupting Click & Collect and contactless payments. While those services are now back, online orders remain suspended nearly a week later with no timeline for return. 

The retailer has taken some systems offline to manage the attack, leading to missing food items in stores. Signs on shelves say: "Please bear with us while we fix some technical issues affecting product availability." Food supplies were expected to stabilise by the end of the week—but that remains unclear. 

M&S has also pulled all job listings from its website, citing ongoing technical issues. 

Security experts have confirmed it was a ransomware attack, designed to lock systems and demand payment. Security experts told the BBC on Tuesday that a ransomware group which goes by the name "DragonForce" was behind the attack. However, some believe the attack may be linked to the teenage hacker collective known as Scattered Spider.

Harrods Next Under Fire

Harrods is the latest high-profile retailer hit by a cyber attack.

The luxury department store confirmed it had “restricted internet access at our sites” after attempts were made to breach its systems. Stores remain open—including Knightsbridge, H Beauty, and airport locations—and online shopping via their website is still available. 

Harrods hasn’t revealed the full extent of the impact but says no action is currently required from customers. 

The attack follows similar incidents at M&S and the Co-op. Just this week the Co-op shut down parts of its IT systems. It's still unclear if the incidents are connected.

According to the National Cyber Security Centre, the recent wave of attacks should serve as a “wake-up call” to the retail sector. Cody Barrow, ex-NSA and now CEO of EclecticIQ, warned that retailers are prime targets due to the sheer volume of customer data and the high cost of downtime. 

Darktrace’s Head of Threat Analysis, Toby Lewis, suggested the attacks may be linked through a shared supplier—or could simply be a sign that more organisations are now spotting threats they would have missed before. 

As of now, we know that M&S has confirmed a ransomware attack, but Harrods and the Co-op have yet to disclose the exact nature of their incidents.

Reacting isn’t Enough, Businesses Must Be Proactive

These attacks are more than headline news articles; they are warnings. If household names like M&S, Harrods and the Co-op can be brought to a standstill, it is a stark reminder that no business is immune to cyber threats. Ransomware doesn’t just threaten operations; it threatens customer trust, reputation, and long-term resilience.

This is why it is essential for all businesses, regardless of size, to take a proactive stance on cyber security. Waiting until after an attack is too late. From regular penetration testing and cyber assessments to real-time threat detection and robust incident response planning, the time to act is now.

Below are 5 top actions we recommend taking as a start to strengthening your cyber defences.

Where to Start: Practical Steps for Strengthening Cyber Defences

1. Evaluate Your Supply Chain: Evaluate all third-party partners—especially those with access to sensitive systems. A weak link can open the door.

2. Secure Critical Infrastructure: Review EPOS and stock management systems. Ensure they’re fully patched, access is tightly controlled, and networks are properly segmented.

3. Invest in 24/7 Threat Monitoring: Detection and response must run around the clock. Regulatory compliance isn’t enough to counter advanced attacks.

4. Stress-Test Your Response Plans: Run regular tabletop exercises to simulate ransomware attacks and uncover real gaps in your incident handling.

5. Train Staff to Spot Threats: Your people are the first line of defence. Equip them to recognise phishing and social engineering before attackers gain a foothold.

At CybaVerse, we help organisations assess their vulnerabilities and strengthen their defences, so that when threats strike, they are ready.

If you'd like to speak to a member of our team about your cyber security strategy and how to strengthen it, contact us today and someone will be in touch.   
