2025 Cyber Attacks on Major Retailers: M&S, Co-op, Adidas, Harrods

Cyber criminals have targeted several major retailers in a series of attacks that disrupted services, exposed customer data, and forced companies to rethink their cybersecurity strategies. In the UK, Marks & Spencer (M&S), Co-op, and Harrods were hit in quick succession during the spring, while Adidas disclosed a separate data breach affecting its global customer base.

Here’s a breakdown of what happened, the suspected attack types, and how each company responded.

Marks & Spencer (M&S) – Ransomware Attack Cripples Operations

In April 2025, M&S suffered a highly sophisticated ransomware attack over the Easter weekend that significantly disrupted operations. The attack forced the company to suspend all online orders and shut down its automated stock management systems, which led to widespread stock shortages in stores.

M&S confirmed that the attackers accessed some customer data – including names, addresses, and order histories – but assured customers that no payment details or passwords were compromised. As a precaution, the company asked customers to reset their passwords.

The retailer’s CEO issued a public apology, stating that every effort was being made to restore services and support affected customers. The attack is believed to have been carried out by the hacking group known as Scattered Spider, and industry analysts estimate the incident could cost M&S up to £300 million in lost profit.

Although M&S has not disclosed whether a ransom was paid, it continues to work with cybersecurity experts and law enforcement to strengthen its defences.

Co-op (Co-operative Group) – Attempted Ransomware Attack Contained

Just days after the M&S breach, Co-op was also targeted by cyber attackers in what is believed to have been an attempted ransomware attack. Fortunately, Co-op’s IT security team detected the intrusion early and took swift action by taking some systems offline before the ransomware could be fully deployed.

As a result, store operations and the website continued running with minimal disruption, although some back-office and call centre systems were temporarily shut down. The attackers, however, had already accessed internal systems days earlier and managed to exfiltrate customer and employee data, including names, contact details, and dates of birth.

Co-op confirmed that no passwords or financial data were compromised. The company described the attack as an instance of unauthorised access and praised the rapid response of its internal teams for containing the breach.

Authorities are now investigating potential links between the Co-op and M&S incidents, with suspicions that the same criminal group may be behind both.

Harrods – Luxury Retailer Thwarts Cyberattack Attempt

Harrods was the third UK retailer to report a cyber incident in spring 2025, confirming that it had recently experienced attempts to gain unauthorised access to its systems. The company’s IT team responded quickly by restricting internet access and shutting down select internal systems as a precaution.

Thanks to these proactive measures, there was minimal impact on Harrods’ operations. All physical stores, including its flagship Knightsbridge location and airport branches, remained open. The Harrods website also continued to operate normally.

The company stated there was no evidence that customer data had been accessed or compromised, and it did not ask customers to take any action. Harrods continues to monitor the situation and is working with authorities as part of an ongoing investigation into whether the incident is linked to the wider campaign that hit M&S and Co-op.

Adidas – Customer Data Breach via Third-Party Provider

In May 2025, Adidas reported a cyber incident involving unauthorised access to consumer data through a third-party customer service provider. The breach affected individuals who had contacted Adidas customer service and primarily exposed contact details such as names and email addresses.

No financial data, passwords, or payment card information were compromised, and Adidas clarified that its own infrastructure was not directly affected. The company acted quickly to contain the breach, launched an internal investigation with external security experts, and notified affected customers and regulators as required.

In its public response, Adidas apologised for the incident and reaffirmed its commitment to consumer privacy. This breach is not believed to be connected to the UK retail attacks involving M&S, Co-op, or Harrods.

July 2025 Update: Arrests Made in Major Retail Cyberattacks

On July 10, 2025, the UK's National Crime Agency (NCA) announced the arrest of four individuals in connection with the cyberattacks that disrupted operations at Marks & Spencer (M&S), Co-op, and Harrods earlier this year. The suspects were detained at their residences: a 20-year-old woman from Staffordshire, two 19-year-old men (one British, one Latvian) from London and the West Midlands, and a 17-year-old British male. Authorities seized electronic devices for forensic analysis.

These arrests are linked to the hacker group known as Scattered Spider, notorious for employing sophisticated social engineering tactics, SIM swapping, and phishing techniques to infiltrate organisations. In the case of M&S, the attackers deployed ransomware, leading to a six-week shutdown of online clothing sales and an estimated £300 million loss in operating profit.

Co-op faced significant disruptions, including empty shelves and compromised member data, while Harrods had to restrict internet access to prevent further intrusion. The NCA continues to investigate.

These incidents highlight how even the most well-known and well-resourced retailers remain prime targets for cyber attacks. From ransomware to supply chain vulnerabilities, the methods used by cybercriminals are growing more sophisticated. The varied responses by M&S, Co-op, Adidas, and Harrods also show the importance of early detection, containment protocols, and clear communication in managing a breach.

Further July 2025 Update: Co-op Confirms Scale of Breach

Following the earlier arrests, the Co-operative Group has confirmed that the cyberattack in April 2025 affected approximately 6.5 million members. This marks a significant escalation in the reported impact of the breach, which had initially been described as limited in scope.

While Co-op previously stated that no financial data or passwords had been compromised, the new disclosure reveals the sheer volume of personal information exposed, including names, contact details, and membership numbers. The company is now facing increased pressure to explain its data protection practices and communication with affected customers.

Cybersecurity experts have noted that attacks of this scale can have long-term consequences, including identity fraud and phishing risks, particularly when attackers already have verified personal details.

The Information Commissioner’s Office (ICO) has acknowledged the updated figures and is reviewing whether further regulatory action is warranted.

Businesses in all sectors – not just retail – would benefit from taking note.