The Rising Threat of Cyberattacks in Retail

Recent cybersecurity breaches at major retailers like Marks & Spencer (M&S), Co-op, and Hertz have underscored the growing vulnerability of the retail sector to sophisticated cyberattacks. These incidents, occurring in April and May 2025, highlight the urgent need for robust cybersecurity measures in an industry increasingly reliant on interconnected digital systems.

Marks & Spencer: A Devastating Ransomware Attack

Marks & Spencer, a British retail giant, has been grappling with a severe cyberattack that began over the Easter weekend in 2025. The attack, linked to the hacking group Scattered Spider and ransomware operator DragonForce, forced M&S to suspend online orders and block remote staff from accessing systems, and it disrupted in-store operations. The breach started as early as February 2025, with hackers stealing sensitive data, including the Windows domain’s NTDS.dit file, the Active Directory database that contains user credentials. Access to those credentials allowed them to encrypt a server, causing widespread chaos.

“The M&S breach underscores the vulnerability of retail IT infrastructure, which has become an increasingly attractive target for cybercriminals.” – City A.M.

(https://www.cityam.com/ms-breach-exposes-retail-sectors-security-risks/)

The fallout has been significant, with M&S’s stock dropping 10% and online sales halted for weeks. The retailer has engaged cybersecurity firms like CrowdStrike, Microsoft, and Fenix24 to investigate and contain the incident, but recovery could take months. The attack has also led to canceled shifts for workers and a “bruise” to M&S’s reputation, as noted by analysts.

Co-op: A Massive Data Breach

Co-op, another major UK retailer, faced an attempted hack in late April 2025, with the same DragonForce group claiming responsibility. The hackers boasted of stealing personal data from 20 million current and past Co-op members, including names and addresses. Initially, Co-op downplayed the incident, claiming it had a “small impact” with no evidence of compromised customer data. However, subsequent admissions revealed the breach was far more serious, affecting a significant number of customers.

“Hello, we exfiltrated the data from your company,” the hackers taunted in extortion messages to Co-op’s cybersecurity head. – Daily Mail

(https://www.dailymail.co.uk/news/article-14674945/cyber-attack-coop-ms-harrods-hackers-details-stolen.html)

In response, Co-op disabled parts of its IT systems and restricted remote access to curb the spread of the attack. The incident has raised concerns about the retailer’s transparency and preparedness, especially as DragonForce warned that this was “just the start” of their campaign against British retailers.

Hertz: Customer Data at Risk

In the U.S., Hertz reported a data breach in April 2025 that exposed customer information. While specific details about the breach’s scope and impact are still emerging, it adds to the growing list of retail and service companies targeted by cybercriminals. The incident highlights the global nature of cyber threats, with attackers exploiting vulnerabilities in payment systems, customer databases, and remote access protocols.

Why Retail is a Prime Target

The retail sector’s interconnected systems, spanning payment processing, click-and-collect services, and online platforms, present multiple entry points for cybercriminals. The M&S attack, for instance, disrupted contactless payments and click-and-collect services, illustrating how deeply integrated digital operations are in modern retail. Experts warn that ransomware, phishing, and data theft are becoming more sophisticated, with groups like Scattered Spider and DragonForce employing advanced tactics.

Julius Cerniauskas, CEO of Oxylabs, noted, “By freezing critical systems, criminals create chaos for both customers and the business,” affecting orders, payments, and store operations. The retail sector’s reliance on third-party vendors and legacy IT infrastructure further exacerbates these risks.

(https://www.cityam.com/ms-breach-exposes-retail-sectors-security-risks/)

Lessons for Retailers and Consumers

The recent breaches offer critical lessons for the retail industry:

Prioritize Cybersecurity: Retailers must invest in resilient systems, regular security audits, and employee training to detect and prevent attacks.

Transparent Communication: M&S’s proactive communication helped mitigate long-term reputational damage, while Co-op’s initial downplaying of the breach eroded trust.

Contingency Plans: Retailers need robust backup systems and recovery protocols to minimize downtime and customer disruption.

Consumer Vigilance: Customers should change passwords, monitor accounts for suspicious activity, and be wary of phishing attempts following a breach.

Britain’s call for companies to prioritize cybersecurity, as emphasized by government officials at the CyberUK conference in Manchester, underscores the urgency of these measures.

(https://news.sky.com/story/mands-had-no-plan-for-cyber-attacks-insider-claims-with-staff-left-sleeping-in-the-office-amid-paranoia-and-chaos-13361359)

The Road Ahead

As cyberattacks grow in frequency and sophistication, the retail sector must adapt to a new reality where digital operations are both a strength and a vulnerability. The M&S, Co-op, and Hertz breaches serve as a wake-up call for retailers to bolster their defenses and for consumers to stay vigilant. With groups like DragonForce continuing to target high-profile brands, the battle against cybercrime is far from over.
