Cyber criminals have targeted several major retailers in a series of attacks that disrupted services, exposed customer data, and forced companies to rethink their cybersecurity strategies. In the UK, Marks & Spencer (M&S), Co-op, and Harrods were hit in quick succession during the spring, while Adidas disclosed a separate data breach affecting its global customer base.
Here’s a breakdown of what happened, the suspected attack types, and how each company responded.
In April 2025, M&S suffered a highly sophisticated ransomware attack over the Easter weekend that significantly disrupted operations. The attack forced the company to suspend all online orders and shut down its automated stock management systems, which led to widespread stock shortages in stores.
M&S confirmed that the attackers accessed some customer data – including names, addresses, and order histories – but assured customers that no payment details or passwords were compromised. As a precaution, the company asked customers to reset their passwords.
The retailer’s CEO issued a public apology, stating that every effort was being made to restore services and support affected customers. The attack is believed to have been carried out by the hacking group known as Scattered Spider, and industry analysts estimate the incident could cost M&S up to £300 million in lost profit.
Although M&S has not disclosed whether a ransom was paid, it continues to work with cybersecurity experts and law enforcement to strengthen its defences.
Just days after the M&S breach, Co-op was also targeted by cyber attackers in what is believed to have been an attempted ransomware attack. Fortunately, Co-op’s IT security team detected the intrusion early and took swift action by taking some systems offline before the ransomware could be fully deployed.
As a result, store operations and the website continued running with minimal disruption, although some back-office and call centre systems were temporarily shut down. The attackers, however, had already accessed internal systems days earlier and managed to exfiltrate customer and employee data, including names, contact details, and dates of birth.
Co-op confirmed that no passwords or financial data were compromised. The company described the attack as an instance of unauthorised access and praised the rapid response of its internal teams for containing the breach.
Authorities are now investigating potential links between the Co-op and M&S incidents, with suspicions that the same criminal group may be behind both.
Harrods was the third UK retailer to report a cyber incident in spring 2025, confirming that it had recently experienced attempts to gain unauthorised access to its systems. The company’s IT team responded quickly by restricting internet access and shutting down select internal systems as a precaution.
Thanks to these proactive measures, there was minimal impact to Harrods’ operations. All physical stores, including its flagship Knightsbridge location and airport branches, remained open. The Harrods website also continued to operate normally.
The company stated there was no evidence that customer data had been accessed or compromised, and it did not ask customers to take any action. Harrods continues to monitor the situation and is working with authorities as part of an ongoing investigation into whether the incident is linked to the wider campaign that hit M&S and Co-op.
In May 2025, Adidas reported a cyber incident involving the unauthorised access of consumer data through a third-party customer service provider. The breach affected individuals who had contacted Adidas customer service and primarily exposed contact details such as names and email addresses.
No financial data, passwords, or payment card information were compromised, and Adidas clarified that its own infrastructure was not directly affected. The company acted quickly to contain the breach, launched an internal investigation with external security experts, and notified affected customers and regulators as required.
In its public response, Adidas apologised for the incident and reaffirmed its commitment to consumer privacy. This breach is not believed to be connected to the UK retail attacks involving M&S, Co-op, or Harrods.
These incidents highlight how even the most well-known and well-resourced retailers remain prime targets for cyber attacks. From ransomware to supply chain vulnerabilities, the methods used by cybercriminals are growing more sophisticated. The varied responses by M&S, Co-op, Adidas and Harrods also show the importance of early detection, containment protocols, and clear communication in managing a breach.
Businesses in all sectors – not just retail – would do well to take note.