The United Kingdom’s National Cyber Security Centre (NCSC) has issued a stark warning following a wave of cyberattacks targeting some of the country’s most prominent retail chains. Calling the incidents a “wake-up call,” the agency urged organisations to strengthen their cybersecurity posture amid growing threats.
The NCSC, a division of GCHQ responsible for cybersecurity guidance across the UK’s public and private sectors, confirmed it is working closely with the impacted retailers to understand the scope and impact of the attacks.
“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public,” said NCSC CEO Dr Richard Horne.
“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”
In the past two weeks, major British retailers Marks & Spencer, Co-op, and Harrods have all reported cybersecurity breaches. Harrods confirmed that threat actors attempted to infiltrate its systems on May 1st, prompting the luxury department store to restrict access to certain websites—a move that suggests defensive measures were enacted during an active threat.
Around the same time, the Co-operative Group revealed it was also the target of a cyberattack.
In an internal memo, Co-op’s Chief Digital and Information Officer Rob Elsey warned staff to exercise caution with email and Microsoft Teams usage, adding that VPN access had been shut down as part of containment efforts.
Marks & Spencer, one of the UK’s most iconic retail brands, faced disruptions across its online ordering platform and in-store services such as contactless payments and Click & Collect. The incident has since been identified as a ransomware attack, with sources confirming the involvement of threat actors linked to the Scattered Spider group.
The attackers reportedly used DragonForce ransomware—tactics that have also been deployed in previous high-profile breaches at companies like MGM Resorts, Coinbase, and Reddit.
In light of these incidents, the UK Parliament’s Business and Trade Committee has sought clarification from the CEOs of Marks & Spencer and Co-op on the level of support received from government agencies such as the NCSC and the National Crime Agency.
