UK Retailers Hit by Wave of Cyberattacks
May 12th, 2025
Finian Knepper
May 12th, 2025
Finian Knepper
Over the past 3 weeks the UK has been hit by several cyberattacks, all targeting major online retailers such as Marks & Spencer (M&S,) the Co-op, and Harrods. These attacks have resulted in the loss of clothing, food, personal data, and significant sums of money.
According to Reuters, the first attack targeted M&S over the Easter weekend, when customers reported issues with payments and credit card information. The company confirmed last week that it was experiencing a cyberattack and was working to resolve the issue.
The food retailer Co-op reported similar problems on Tuesday, May 29th, being forced to cancel some orders, though it did not specify when the attack began.
The iconic British retailer Harrods confirmed on Friday, May 2nd, that it was also attacked and had to restrict some online services as a result. While the retailers have not disclosed the full extent of the damage, the initial toll appears to be:
M&S has lost $930 million in stock market value following the attack, in addition to losses from stolen products and canceled orders.
Co-op has lost $500 million in market value, along with further losses from canceled orders. On Saturday, the company confirmed that hackers were able to steal personal customer information, potentially including banking and credit card data. This breach may force the company to pay significant reimbursement costs.
Harrods appears to have successfully defended against the attack and has suffered minimal to no losses.
While investigations into the culprits are ongoing, the current suspect is Scattered Spider, a U.S.-based group believed to be operated by teenagers and young adults. Scattered Spider is known for using ransomware—cyberattacks in which hackers steal data or sabotage services and then demand payment for restoration. Their most common methods of entry involve identity fraud and phishing—the same tactics reportedly used in these recent attacks when phishing emails were sent to M&S employees. Experts believe the group is entirely financially motivated.
However, on Saturday, a known affiliate of Scattered Spider, Dragon Force, claimed responsibility for the attacks. As of now, no ransom demand has been made public by either group.
These cyberattacks highlight a critical and growing aspect of international relations: cyberwarfare. In 2010, cyberspace was officially classified as the fifth domain of warfare—after land, sea, air, and space. According to cybersecurity experts, cyberspace is the most civilian-involved and -operated domain of warfare, meaning international attacks often rely on civilian vulnerability and directly impact civilian lives.
The UK attacks have served as a wake-up call for businesses and governments around the world. Insiders from M&S revealed that they had “no plan” for a cyberattack. The UK government issued statements urging businesses to treat security as an “absolute priority” in the coming years—especially with the rise of AI posing new threats to digital infrastructure.
But cybersecurity threats may come from more than loosely organized hacking groups. Experts say that new dangers may arise from coordinated efforts between foreign powers and civilian teams. As cybersecurity expert Allison Nixon states: “Historically speaking, Russian cybercriminals did not like working with Western cybercriminals… There was not only a language barrier, but also they kind of looked down on them and viewed them as unprofessional.”
The recent attacks on Western businesses may have earned U.S.-based groups newfound respect among Russian cybercriminals. Russian collaboration with such actors is nothing new. As Jon DiMaggio, Chief Security Strategist for cybersecurity company Analyst1, explains, Russia doesn’t target cybercriminals inside their country, provided they don’t attack Russia.
This week also brought new revelations regarding Russia’s role in current cyber warfare. On May 1st, France accused Russia of attempting to interfere in the 2017 French elections and of disrupting the Olympic Games with cyberattacks. According to Microsoft, this points to a broader pattern: Russia is becoming increasingly aggressive in its use of cyberwarfare.
A hybrid civilian-military cyber force promises to pose a major threat to businesses and governments around the world. Ultimately, we must rely on cybersecurity teams, government agencies—and employees not trusting emails from “Nigerian princes”—to ensure the systems our modern world depends on remain secure.
Read More Here: