Retail cyber attacks: A wake-up call for every industry

02 June 2025 12:57 PM | Anonymous

Retail cyber attacks: A wake-up call for every industry

Recently, several UK retailers, including Marks & Spencer, Co-op, and Harrods, were hit by serious cyber attacks. The common thread? Sophisticated social engineering tactics, where threat actors impersonated staff to trick IT service desks into resetting passwords and granting internal access.

Key incidents:

  • Marks & Spencer experienced major disruptions across online ordering, in-store systems, and remote work.
  • Co-op confirmed customer data exposure and ongoing disruption to customers experience.
  • Harrods reported attempted breaches that disrupted platform access.

These coordinated attacks were not random. Intelligence suggests a highly organised threat actor group using advanced social engineering techniques targeted service desks to gain administrative control.

What this means
While these incidents are focused on retail, the techniques used are sector-agnostic. If your organisation has a help desk, remote access tools, or identity management services in place, you are a potential target.

Actionable steps for organisations

At FluidOne, we recommend these steps:

  1. Reinforce protocols
    • Review and tighten procedures around password resets.
    • Implement strong identity verification processes.
    • Train staff on social engineering red flags.
  2. Secure systems
    • Patch VMware hosts to latest level and segment management access via private VLANs.
    • Enforce multi-factor authentication (MFA) and conditional access across all administrative accounts and ensure administrative passwords are secure.
  3. Boost detection & response
    • Monitor for “risky logon” alerts.
    • Deploy threat-hunting techniques and custom detections aligned to emerging indicators of compromise.

For individuals: Stay cyber smart

  • Be cautious of unexpected password reset requests or unfamiliar MFA prompts.
  • Use unique, strong passwords and a password manager.
  • Enable 2FA on all critical accounts.
  • Monitor accounts for unusual activity
  • Stay informed about social engineering.

Final thoughts

Security isn’t just an IT issue, it’s a people issue. Social engineering exploits human trust. These attacks highlight how a single moment of misplaced trust can ripple across an entire organisation, no matter the sector.

  At FluidOne, our experts provide a comprehensive selection of IT Security services, from MFA to Patch Management to keep you safe. We also have our specialised cyber centre of excellence, CSA Cyber, who provide services across Managed Security, Offensive Security, and Security Consultancy.

For more information, You can reach us through https://www.fluidone.com/contact, call us at 01273 384100 or email us at brighton@fluidone.com to get in touch with our experts today to find out how we can help protect your business.