Threat Feed

06.05.25 Threat Report

Written by Craig Pepper | May 6, 2025 8:34:17 AM

This week’s Threat Report covers more on what seems to be a coordinated series of retail cyber attacks, a healthcare data exposure incident, highly convincing subscription fraud campaigns, and a global shift towards passwordless authentication.

These developments demonstrate the increasing sophistication of cybercriminal tactics and the urgent need for organisations to fortify their defences.

 

1. Harrods Cyberattack Follows Incidents at M&S and Co-op: UK Retail Sector Under Siege

Harrods, the iconic luxury department store based in Knightsbridge, has confirmed a targeted cyberattack, making it the third major British retailer compromised within a single week. This follows similar incidents reported by Marks & Spencer and the Co-operative Group, suggesting a possible coordinated campaign against the retail sector.

Incident Summary:
  • Harrods disclosed a “targeted cyber incident”, but declined to confirm whether customer data was accessed.

  • M&S experienced service disruption caused by a third-party cyber event affecting its website and mobile application.

  • Co-op reported issues with in-store payment systems at select locations.

  • The National Cyber Security Centre (NCSC) has urged retailers to review their security posture and increase monitoring.

Potential Impact:
  • Exposure of customer data and financial information.

  • Operational disruption and loss of consumer confidence.

  • Potential for follow-on attacks if attackers are not disrupted.

Recommendations:
  • Retail organisations should conduct urgent security reviews and bolster defences against ransomware and data exfiltration.

  • Consumers are advised to monitor financial transactions and update account credentials.

  • Third-party vendors must be audited for potential vulnerabilities and access limitations.

 

2. Ascension Healthcare Data Breach: Third-party Vendor Compromises Patient Information

Ascension, one of the largest private healthcare providers in the United States, has suffered a significant data breach following the compromise of a former business partner’s systems. Patient data from facilities in Alabama, Michigan, Indiana, Tennessee, and Texas has been exposed.

Details:
  • The breach was discovered on 5th December 2024 and confirmed by 21st January 2025.

  • Ascension inadvertently disclosed sensitive data to a former vendor, whose systems were later compromised due to a software vulnerability.

  • Data affected includes full names, contact details, Social Security numbers, medical records, diagnoses, and insurance information.

Response:
  • Ascension has launched a full investigation and is offering two years of identity protection services through Kroll.

  • The organisation confirmed that its internal networks and electronic health records were not breached.

  • Steps have been taken to review data-sharing practices and strengthen third-party risk controls.

Recommendations:
  • Healthcare entities should enforce strict governance over data-sharing with external partners.

  • Affected individuals should enrol in credit monitoring and remain vigilant against identity fraud.

  • Regulators and procurement teams must strengthen vendor risk assessments and require more stringent compliance.

 

3. Subscription-Based Fraud Campaigns Exploit E-commerce Users with Hidden Charges

A wave of subscription fraud campaigns has been identified, in which cybercriminals deploy realistic fake e-commerce sites to obtain consumers’ credit card data. These scams exploit psychological manipulation and deceptive subscription models to lock users into ongoing charges.

Methodology:

  • Victims are lured with low-cost offers (e.g. discounted products or mystery boxes).

  • During checkout, the user unknowingly consents to recurring charges, often in fine print.

  • More than 200 websites, many operating from Cyprus, have been found to be involved.

  • Social media platforms, particularly Facebook, are the primary channels for advertisement and victim acquisition.

Scam Design:

  • Fraudulent storefronts appear professionally designed and mimic legitimate brand interfaces.

  • The sites promise vague membership benefits while implementing hidden recurring payment mechanisms.

  • Credit-based tier systems further obscure the true financial cost.

Recommendations:

  • Consumers should use virtual payment cards and avoid impulse purchases from unfamiliar sites.

  • E-commerce platforms must monitor and block suspicious merchant accounts.

  • Security professionals should implement domain and brand monitoring to detect spoofed storefronts and phishing infrastructure.

 

4. Microsoft Surpasses 15 Billion Passwordless Accounts on World Passkey Day

Microsoft has announced that over 15 billion user accounts are now eligible for passwordless authentication via passkeys, marking a significant milestone as it celebrates the first-ever World Passkey Day in partnership with the FIDO Alliance.

Technical Summary:
  • Passkeys utilise public key cryptography and biometric or PIN-based authentication, replacing traditional passwords.

  • Microsoft’s approach incorporates the Web Authentication API (WebAuthn) for secure, streamlined access.

  • Passkey usage is now the default for new Microsoft accounts, with nearly one million passkey sign-ins occurring daily.

Adoption and Benefits:
  • 69 percent of users have enabled passkeys on at least one account.

  • Passkeys are reported to be eight times faster than password-plus-MFA login methods.

  • 53 percent of users find passkeys more secure, while 54 percent regard them as more convenient.

Recommendations:
  • Organisations should begin implementing passkey-compatible identity systems.

  • Security teams must promote awareness and enable passkey features in employee and customer-facing systems.

  • Developers are encouraged to integrate WebAuthn and related technologies into authentication workflows.

 

Periculo Insight and Recommendations

Whether managing customer trust, patient confidentiality, or payment integrity, your organisation must embed resilience into every layer of its digital infrastructure.

At Periculo, we help digital health innovators and high-growth technology companies meet complex compliance obligations and manage security risks with confidence. Our ISO 27001 and CREST-accredited experts provide bespoke solutions to protect your operations and reputation.

Recommendations:
  • Perform immediate third-party risk assessments and limit data access to active vendors only.

  • Integrate passkey-based authentication to reduce reliance on compromised password systems.

  • Establish proactive monitoring for phishing infrastructure and suspicious financial transactions.

 
