What to Do if You Are Affected by a Retailer Cyberattack

In April and May 2025, several prominent UK retailers including Marks & Spencer (M&S), Co-op, and Harrods experienced significant cyberattacks. At the time of writing we have not had confirmation of these attacks but consider them to be a Ransomware attack. These incidents are disrupting services, compromising customer data, and highlight vulnerabilities in retail cybersecurity. This guide aims to help you as a consumer take the steps you can take to protect yourself.

What is a Retailer Cyber Attack?

A retailer cyber attack involves unauthorised access to a retailer's digital systems, often aiming to steal data, disrupt operations, or demand ransom. Common methods include:

• Phishing: Deceptive emails tricking employees into revealing credentials.

• Social Engineering: Manipulating individuals to gain system access.

• Ransomware: Malicious software encrypting data, with attackers demanding payment for restoration.

How Does This Affect Me?

As a consumer of any retailer, the consequences of such attacks can directly impact you:

• Data Breaches: Personal information, such as names and contact details, may be exposed.

• Service Disruptions: Inability to place orders or access services.

• Financial Loss: Potential fraudulent transactions or identity theft.

• Emotional Distress: Anxiety over personal data security.

What Should I Do Now?

1. Monitor Your Accounts: Regularly check bank and credit card statements for unauthorised transactions.

2. The organisation should be able to: confirm if your information has been compromised; listen to how this affected you; and advise on what further steps you can take.

3. Change Passwords: Update passwords for accounts associated with the affected retailers.

4. Enable Two-Factor Authentication (2FA): Add an extra layer of security to your online accounts.

5. Be Vigilant Against Phishing: Be cautious of unsolicited emails or messages requesting personal information, especially from the current affected organisations.

6. Check for Official Communications: Refer to the retailers' official channels for updates and guidance.

How Can I Protect Myself in the Future?

To enhance your personal cybersecurity and reduce future incidents from happening you should:

• Use Strong, Unique Passwords: Avoid reusing passwords across different accounts.

• Regularly Update Software: Keep devices and applications up to date to patch security vulnerabilities.

• Educate Yourself: Stay informed about common cyber threats and how to recognize them.

• Utilise Security Tools: Consider using reputable antivirus and anti-malware software.

• Report details of lost or stolen documents: Such as passports, driving licences, credit cards and cheque books to the organisation that issued them.

• Inform your bank, building society and credit card company of any unusual transactions on your statement.

• Watch out for any suspicious emails, text messages and websites. There may be fake messages lurking amongst genuine ones that can be very difficult to spot.
  

Where Can I Get More Help?

There are additional resources and support services you can access for further assistance.

• Information Commissioner's Office (ICO): Offers guidance on data protection rights and how to report concerns.

• Action Fraud: The UK's national reporting centre for fraud and cybercrime.

• National Cyber Security Centre (NCSC): Provides advice and support on cybersecurity issues.