16 June 2025 | Technology

Gaping cyber security holes in UK retail giants – will more firms be hit by hackers?

A wave of cyber attacks has exposed major vulnerabilities in some of the UK’s best-known retailers, with Marks & Spencer, Co-op and Harrods all falling victim to breaches in recent weeks. A new report from DynaRisk, titled ‘Surge in cyber attacks on UK retailers’, questions whether these incidents were preventable — and flags urgent concerns about gaps in multi-factor authentication across the sector.

Citing a warning from the UK’s National Cyber Security Centre (NCSC), the report underlines the need for stronger authentication protocols, alongside insights from DynaRisk’s own Breach Check cyber risk scans. The findings point to a growing disconnect between perceived and actual cyber preparedness in retail, as threat actors increasingly target high-profile brands.

Marks & Spencer was hit by a ransomware attack in April that not only suspended online orders and emptied shelves, but also erased over £1 billion from the company’s market value. Potential insurance claims could exceed £100 million, with Allianz and Beazley reportedly among the exposed carriers.

DynaRisk’s scan of M&S identified over 1,300 cyber risk signals — including 376 high-severity issues and thousands of compromised employee credentials. The company’s cyber hygiene is now under scrutiny, raising questions about the adequacy of its digital risk posture ahead of the attack.

In a separate incident, Co-op’s systems were compromised in late April, disrupting payment and online ordering systems. Hackers are believed to have accessed personal data belonging to up to 20 million customers and employees. Notably, attackers reportedly contacted executives using internal messaging tools — a move that suggests deeper systemic weaknesses.

DynaRisk flagged over 3,000 risk signals in the Co-op’s infrastructure, including extensive data leaks and info-stealer malware infections affecting both staff and customers. These findings point to potentially long-standing issues in identity and access management.

Luxury retailer Harrods joined the list of casualties in early May, after cybercriminals exploited vulnerabilities linked to website-overload tools. While the store’s physical and online operations remained largely uninterrupted, DynaRisk’s scan uncovered more than 2,700 risk signals — including a critical vulnerability. Hacker forums had reportedly been discussing Harrods as a target as early as March.

The report suggests that while headline breaches may differ in scope and visibility, the underlying vulnerabilities — such as poor credential hygiene, misconfigured systems and limited MFA deployment — remain widespread.

With more retailers likely to be targeted in the months ahead, the report urges firms to close basic security gaps and treat cyber resilience as a core business function, not a compliance tick-box.
