💰💣

Marks & Spencer, Co-op, Harrods Security Incident

2025 264 days ago Resolved

Incident Overview

Situation Description

Three major UK retailers, Marks & Spencer, Co-op, and Harrods, experienced significant cyber incidents involving ransomware and data theft, highlighting new threat tactics.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Retail

Geographic Scope

National (UK)

Response Actions

Hardened Attack Surface Conducted Employee Training Revised Incident Response Plan

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Credentials

Primary Impacts

Operational Disruption Data Exposure

Key Decisions Made

Audit supplier access regularly and revoke dormant accounts.; Segment retail and back-office systems on the network.; Run ransomware simulations that involve executives, IT, legal and communications.

Technical Analysis

Attack Method

Social Engineering

Threat Actor Attribution

Scattered Spider Octo Tempest

Vulnerability / Tool

DragonForce

Additional Information

Home Blog From Marks & Spencer to Harrods: What the Retail Cyber Surge Reveals About Modern Threats From Marks & Spencer to Harrods: What the Retail Cyber Surge Reveals About Modern Threats May 8, 2025 From Marks & Spencer to Harrods: What the Retail Cyber Surge Reveals... In just two weeks, three of the UKs best-known retailers Marks & Spencer, Co-op and Harrods have each confirmed serious cyber incidents.The UKs National Cyber Security Centre (NCSC) has called these events a wake-up call, warning that every organisation should examine its readiness to detect, respond to and recover from an attack. These arent isolated IT issues. They are targeted, coordinated campaigns disrupting core business operations, from payments and logistics to customer data and digital identities. What Happened? A Quick Recap Marks & Spencer suffered a ransomware breach that disrupted contactless payments, Click & Collect services and online ordering. The attackers deployed DragonForce ransomware, compromising the companys virtual server infrastructure. Co-op initially described its incident as a contained intrusion. However, it has been confirmed that the theft of customer dataand internal messages suggests a deeper compromise. Attackers reportedly infiltrated Microsoft Teams, impersonating executives to deliver extortion messages directly to staff. Harrods detected an attempted breach and took pre-emptive action by restricting internet access across its estate. No data breach has been confirmed, but the investigation is ongoing. All three incidents are linked to a group known as Scattered Spider (also referred to as Octo Tempest by Microsoft - source )cybercriminals who specialise in identity-based compromise, helpdesk impersonationand social engineering . Why It Matters: The New Ransomware Playbook This new generation of attackers doesnt break down doorsthey log in through the front. They: Steal credentials using phishing and SIM swapping Hijack cloud identities and reset passwords...

... (truncated for display)

Quick Facts

Company:: Marks & Spencer, Co-op, Harrods
Date:: 2025
Status:: Resolved
Decision Maker:: Dominic List
Position:: CEO of CyberOne
Published:: 8/05/2025

Source Information

Original Query

Caesars Entertainment vs MGM Resorts ransomware response and recovery comparison

View Original Source

Timeline

Information Published

8/05/2025

Incident Occurred

2025 (264 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats