Three of Britain’s biggest retailers, Harrods, Marks & Spencer, and Co-op, have reported cyberattacks in the past two weeks, with security officials and lawmakers now sounding alarms about the vulnerability of the UK’s consumer sector. With ransomware gangs like Scattered Spider suspected to be behind the breaches, the UK’s cybersecurity response and private sector preparedness face fresh scrutiny.
Wave of Cyberattacks Jolts UK Retail Giants
A sudden surge of cyberattacks targeting the UK’s top retail brands has sparked alarm across government agencies, intelligence circles, and the retail industry. In just two weeks, Harrods, Marks & Spencer (M&S), and the Co-operative Group (Co-op) have all confirmed incidents that disrupted digital services, triggered emergency responses, and revealed serious cybersecurity lapses within the sector.
The National Cyber Security Centre (NCSC), part of GCHQ, confirmed this week that it is working with the affected organizations to assess the nature and scope of the attacks. Dr. Richard Horne, CEO of the NCSC, issued a stern warning: “These incidents should act as a wake-up call to all organisations.” He urged corporate leaders to adopt the agency’s recommended cyber defense protocols and strengthen their readiness for recovery.
The incidents underscore what officials say is a growing trend: retailers, with their sprawling digital infrastructure and customer data, have become prime targets for ransomware groups and nation-state-level actors.
Marks & Spencer Hit by Ransomware, Harrods and Co-op Contain Intrusions
Among the hardest hit was Marks & Spencer, whose online ordering, contactless payments, and Click & Collect services were crippled last week in a confirmed ransomware attack. Security researchers identified the Scattered Spider hacking group as the likely perpetrator. The attackers deployed DragonForce ransomware, the same strain used in past hits on MGM Resorts, Caesars, and DoorDash.
Scattered Spider is known for sophisticated social engineering tactics that exploit employee accounts through phishing and SIM-swapping. Their targets often include large consumer-facing organizations with a high dependency on 24/7 digital infrastructure, making downtime both costly and reputationally damaging.
Meanwhile, Harrods confirmed that an attempted breach of its network occurred on May 1. In response, the luxury department store restricted internet access and internal systems. Though officials have not confirmed the extent of the breach, the precautionary lockdown suggests a serious intrusion attempt.
The Co-op supermarket chain also acknowledged a cyber incident that prompted the disabling of VPN access and internal communications alerts. A memo from Co-op’s Chief Digital Officer Rob Elsey called on staff to be vigilant, signaling an active containment strategy in progress.
Government Oversight, Sector Accountability Now in Focus
As the digital disruptions ripple outward, the UK Parliament’s Business and Trade Committee has summoned the CEOs of Harrods, M&S, and Co-op for testimony. The committee seeks clarity on the extent of support provided by the NCSC and National Crime Agency, and whether the attacks were adequately reported and handled under existing cybersecurity compliance frameworks.
Experts argue the retail sector’s over-reliance on legacy systems, decentralized IT infrastructure, and lack of mandatory cybersecurity audits may have left it exposed. While financial services and critical infrastructure are bound by stringent cyber laws, consumer retail often falls between regulatory gaps.
“Retailers process millions of transactions daily and sit on mountains of personal data, yet many of them still view cybersecurity as an IT issue rather than a boardroom priority,” said a cybersecurity policy analyst with a UK think tank.
With consumer trust and national economic stability at stake, the NCSC reiterated its call for cross-sector partnerships, proactive patch management, incident response plans, and simulations to test business continuity.