If major UK retailers like Marks & Spencer and Co-op can suffer major data breaches, it’s a wake-up call for every organisation. These were not isolated incidents; they were the result of third-party vulnerabilities.
So, what does it mean for business owners?
The question is whether your business is prepared for such attacks. At a time when trust is currency, cyber attacks are rising sharply.
But what exactly went wrong in this case? Who’s behind it? And more importantly, what should you do now?
Let’s find out.
What Happened: A Look at the Incident
Did you know that 43% of UK businesses reported cybersecurity breaches or attacks in the last 12 months? And yet, when the names involved are Marks & Spencer and Co-op, it has a different impact.
Both retailers were recently targeted by the criminal group “Scattered Spider”, which used brute force software called “DragonForce”. For M&S, there’s a projected loss of over £300 million. Co-op, however, shut down its systems in time, which saved it from huge losses.
Here’s what else we know about the attacks.
Marks & Spencer: A Quiet Storm
Source: Reuters
M&S is reeling from one of the most disruptive cyberattacks in its history. They have suffered over £300 million in projected losses, empty shelves, paused online orders and stolen customer data.
The attack began over Easter 2025, and M&S was forced to shut down critical systems, including its online shopping services. After an extensive review, M&S has not confirmed whether or not the attack was a ransomware breach.
According to M&S CEO Stuart Machin, the attackers used social engineering tactics to infiltrate the company via a third-party vendor. This means the hackers posed as trusted personnel, tricking employees into handing over access credentials.
What Data Was Stolen?
M&S has acknowledged that the following customer data was stolen:
- Full names
- Home addresses
- Phone numbers
- Email addresses
- Dates of birth
- Online order history
Fortunately, no payment card details or account passwords were compromised. However, the company has urged customers to stay alert and avoid suspicious emails or messages claiming to be from M&S.
Online Orders Still Paused
The company halted all online orders in late April and has only now given a timeline. Their services are expected to resume through June and July. Meanwhile, any orders placed after April 23 are being refunded, and customers with ready-to-collect emails can still retrieve their order in-store.
Even physical store shelves have suffered, particularly food items, as M&S temporarily took some systems offline. Signs in-store apologised for the missing stock, attributing it to “technical issues.”
Source: BBC
The Cost of Chaos
The attack is expected to reduce profits by £300 million this year, with over £500 million in market value wiped out. M&S’s online business makes up around one-third of clothing and home sales, which equals approximately £3.8 million in daily online revenue.
Suppliers have also been caught in the crossfire, including:
- Greencore, a major food supplier, resorted to using pen-and-paper for order tracking and increased delivery volumes to maintain a steady supply of products on shelves.
- Nails Inc., a beauty brand planning a major launch with M&S, expressed concern but noted the impact was “manageable”.
Co-op: Quick Thinking, Smaller Damage
Source: Yorkshire Post
While M&S continues to reel from the fallout of its cyberattack, the Co-op group managed to avoid a much worse scenario, though it did suffer some damage.
In mid-May 2025, Co-op’s IT systems detected suspicious activity over a weekend. According to both internal staff emails and security experts, Co-op acted fast: they intentionally shut down parts of their systems before hackers could fully deploy ransomware.
This rapid response likely saved the company millions in lost data, ransomware demands, and long-term system outages.
The hacker group that targeted Co-op and M&S claimed that Co-op “yanked their own plug,” thwarting the full deployment of ransomware.
What Was the Impact?
Co-op avoided a complete blackout, but private customer data was still stolen. The hackers claim they were inside the network for an extended period before being detected. While the company has not released full details on what kind of data was accessed, experts suggest it includes personal identifiers, emails, and order histories.
This incident led to:
- Temporary shutdowns of internal IT systems for remote workers.
- Increased security measures, such as disabling file sharing on Microsoft Teams.
- Required on-camera presence during internal calls.
- Operational slowdowns, especially in logistics and inventory systems.
What’s the Cost?
While the Co-op hasn’t disclosed the full financial impact, analysts believe the quick response significantly reduced potential losses.
But not all costs are monetary. Trust takes time to rebuild.
Industry Impact: Why This Is a Wake-Up Call
In 2024 alone, the industry experienced a 30% increase in global cyberattacks, with retailers being increasingly targeted for their valuable customer data and payment information. The trend has continued in 2025 as well.
One major factor behind the increase in cyberattacks is the heavy reliance on third-party vendors. These partners often have privileged access to core systems, but don’t always follow the same strict cybersecurity protocols. As a result, they’ve become a prime entry point for threat actors.
Another concern is the rise in supply chain attacks and credential harvesting. This is especially troubling in retail, where speed and scale are prioritised, and older IT infrastructures remain common.
What Can You Do Now to Protect Your Business?
If you’re a UK retailer, the message is clear: the cyber threats of 2025 are more sophisticated, more frequent, and more damaging than ever before.
So, make sure to audit your third-party vendors and invest in 24/7 threat detection tools. Moreover, keep your team trained and ensure compliance with UK data protection laws.
However, even with the best intentions, many businesses struggle to know where to start.
That’s where Rejuvenate IT comes in. We help UK businesses lock down vulnerabilities, stay compliant, and respond to threats in real time.
Call us today on (01202 237 273) or email [email protected]. Let’s secure your future before you’re the next headline.