Cyber Attacks on M&S, Co-op & Harrods: A Wake-Up Call for SMEs
In the past few weeks, the UK retail sector has been hit by a wave of serious cyberattacks targeting high-profile retailers including Marks & Spencer (M&S), the Co-operative Group (Co-op), and luxury brand Harrods. These cyber incidents have disrupted business operations, exposed sensitive customer information, and served as a harsh reminder that no company—big or small—is safe from cybercrime.

What Happened?
Marks & Spencer (M&S)
Over the Easter holiday, M&S fell victim to a well-coordinated ransomware attack carried out by a cybercrime group known as Scattered Spider. The group used “DragonForce” ransomware to exploit vulnerabilities in M&S’s digital infrastructure. The attackers gained unauthorised access to personal data such as customer names, addresses, dates of birth, and order details. Although financial data and passwords remained protected, online services were suspended from April 25, and in-store operations were impacted. Market analysts estimate the breach caused a market value drop exceeding £1.2 billion.
The Co-operative Group (Co-op)
Shortly after the M&S incident, Co-op’s systems were targeted in a similar ransomware campaign. The breach crippled their logistics and ordering networks, leading to stock shortages, especially in rural locations. Customer and staff information—including email addresses and birth dates—was accessed. Despite payment systems staying mostly functional, the attack caused widespread operational chaos.
Harrods
Luxury department store Harrods reported an attempted cyberattack on its systems. Fortunately, internal IT security teams quickly detected and neutralised the threat. However, the store restricted internet access across branches as a cautionary step. Though the damage was limited, the attack adds to the growing pattern of retailers being targeted by threat actors.
How It Happened
The breaches at M&S and Co-op stemmed from social engineering attacks, where hackers posed as legitimate IT support staff. They tricked help desk personnel into resetting employee passwords—giving the attackers backdoor access to internal systems. Once inside, the criminals launched ransomware, locking systems and threatening to leak sensitive data unless a ransom was paid.
The motivation? Financial gain. By encrypting core systems and threatening data exposure, attackers pressure organisations into paying to restore access.
A Wake-Up Call for Small and Medium Businesses
Many SMEs still believe cybercriminals only go after large companies—but that assumption is dangerous. In reality, 1 in 5 UK businesses, including 25% of small businesses, experienced a cyberattack in the last year.
The businesses that survive these threats are the ones that prepare. Here are essential cybersecurity steps every SME should take:
- Boost Your Cyber Hygiene: Keep all software and systems updated. Use complex passwords and ensure secure, regularly tested backups are in place.
- Train Your Staff: Teach your team how to spot phishing emails, suspicious activity, and impersonation attempts.
- Have an Incident Response Plan: Prepare a documented response strategy for isolating breaches, alerting key contacts, and restoring operations.
- Get Cyber Essentials Certified: This UK government-backed scheme outlines vital security measures and helps demonstrate your business’s commitment to cybersecurity.
Understanding the Threat
Social engineering is one of the most common—and dangerous—forms of cyberattack. It targets human behavior rather than system flaws, manipulating people into making security errors.
Here are a few common social engineering tactics:
- Phishing: Fake emails or messages that trick recipients into clicking malicious links or sharing sensitive info.
- Pretexting: Using made-up stories to convince staff to reveal information or grant system access.
- Baiting: Tempting users with free downloads or offers that actually contain malware.
- Tailgating: Physically following authorized personnel into restricted areas.
In the M&S and Co-op cases, attackers used pretexting to pose as internal IT staff, successfully gaining access to core systems.
Best Practices to Prevent Social Engineering
To safeguard your organisation from these kinds of attacks, implement the following security measures:
- Employee Education: Run regular training sessions to build awareness of evolving cyber threats.
- Identity Verification Protocols: Enforce strict rules before allowing access to systems or resetting credentials.
- Multi-Factor Authentication (MFA): Use MFA wherever possible to create an extra layer of protection.
- Routine Security Assessments: Conduct frequent audits to uncover and fix security gaps.
- Robust Incident Management: Maintain a detailed, tested plan to act fast when a breach occurs.
By embedding these practices into your culture, you create a security-first mindset that makes your business far less vulnerable to cyber manipulation.
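As an added example (not part of the original article), the help-desk password-reset scenario described above can also be watched for in identity audit logs. The Python code below flags a help-desk reset that is followed, within 30 minutes, by an MFA enrolment or sign-in from a device not previously seen for that user; the event fields, device IDs, time window and log entries are all constructed assumptions, not any product's log format.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical schema, not from any real system).
EVENTS = [
    {"ts": "2025-05-01T09:00:00", "user": "a.khan", "actor": "helpdesk", "action": "password_reset", "device": None},
    {"ts": "2025-05-01T09:04:00", "user": "a.khan", "actor": "a.khan", "action": "mfa_enrol", "device": "dev-new-1"},
    {"ts": "2025-05-01T09:06:00", "user": "a.khan", "actor": "a.khan", "action": "login", "device": "dev-new-1"},
    {"ts": "2025-05-01T10:00:00", "user": "j.lee", "actor": "helpdesk", "action": "password_reset", "device": None},
    {"ts": "2025-05-01T10:05:00", "user": "j.lee", "actor": "j.lee", "action": "login", "device": "dev-jl-1"},
    {"ts": "2025-05-01T11:00:00", "user": "p.roy", "actor": "helpdesk", "action": "password_reset", "device": None},
    {"ts": "2025-05-01T12:00:00", "user": "p.roy", "actor": "p.roy", "action": "login", "device": "dev-new-2"},
]
# Devices already associated with each user before the reset (assumed inventory).
KNOWN_DEVICES = {"a.khan": {"dev-ak-1"}, "j.lee": {"dev-jl-1"}, "p.roy": {"dev-pr-1"}}
WINDOW = timedelta(minutes=30)  # assumed review window after a reset

def flag_suspicious_resets(events, known_devices, window=WINDOW):
    """Return one alert per help-desk reset followed by unseen-device activity."""
    events = sorted(events, key=lambda e: e["ts"])  # fixed-format ISO strings sort by time
    alerts = []
    for i, ev in enumerate(events):
        if ev["action"] != "password_reset" or ev["actor"] != "helpdesk":
            continue  # only resets performed on the user's behalf by the help desk
        start = datetime.fromisoformat(ev["ts"])
        reasons = []
        for later in events[i + 1:]:
            if datetime.fromisoformat(later["ts"]) - start > window:
                break  # events are sorted, so nothing further is inside the window
            if later["user"] != ev["user"]:
                continue
            unseen = later["device"] not in known_devices.get(ev["user"], set())
            if later["action"] in ("mfa_enrol", "login") and unseen:
                reasons.append(f'{later["action"]} from {later["device"]}')
        if reasons:
            alerts.append({"user": ev["user"], "reset_at": ev["ts"], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in flag_suspicious_resets(EVENTS, KNOWN_DEVICES):
        print(alert)
```

An alert from this check is a prompt to confirm the reset with the employee through a contact detail already on record, not proof of compromise.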
Don’t Wait Until You’re in the Headlines
The cyberattacks on M&S, Co-op, and Harrods aren’t isolated events—they’re a clear warning. As attackers grow more sophisticated, businesses of every size must treat cybersecurity as a top priority. Investing in the right defences, employee awareness, and response plans can protect your operations, your customers, and your reputation.
Don’t wait until it’s your business making headlines for the wrong reasons. Take action today.
