Harrods and the Co-Op have become the latest UK retailers to face cyber attack disruption, following ongoing and severe issues at Marks & Spencer (M&S). The incidents, which have unfolded in rapid succession, are raising concerns about the resilience of the retail sector and the potential for wider supply chain risks.
Harrods Responds to Attempted Breach
Luxury department store Harrods confirmed it had “experienced attempts to gain unauthorised access to some of our systems” and, as a precaution, has restricted internet access at its locations. Despite the disruption, all stores-including the flagship Knightsbridge location, H beauty outlets, and airport shops-remain open, and online shopping continues as normal. Harrods stated: “We are not asking our customers to do anything differently at this point and we will continue to provide updates as necessary”.
A spokesperson emphasised that the company’s experienced IT security team “immediately took proactive steps to keep systems safe” and that there is currently no evidence customer data has been compromised.
Co-Op Shuts Down Systems to Thwart Attack
Meanwhile, the Co-Op Group, which operates over 2,300 food stores and 800 funeral homes across the UK, has also reported a similar attempted breach. In response, the Co-Op temporarily disabled parts of its IT infrastructure, including back-office and call centre functions, and restricted remote work access for staff. Employees were instructed to verify video call participants and avoid sharing confidential information online, reflecting fears that hackers could be lurking on internal communication channels.
Despite these measures, all retail stores and funeral homes remain operational. A Co-Op spokesperson said: “We have recently faced attempts to gain unauthorized access to some of our systems. We have taken proactive measures to safeguard our systems”. Experts have commended the Co-Op’s “effective containment strategy” for maintaining business continuity while investigating the incident.
The latest attacks come as M&S continues to grapple with a major cyber incident that began nearly two weeks ago. The retailer’s online clothing and homeware orders remain suspended, shelves are empty in some stores, and warehouse operations are disrupted. The company has also paused recruitment and suspended contactless payments and click-and-collect services.
The attack, reportedly linked to the Scattered Spider hacking group, has forced M&S to rebuild critical IT infrastructure-a process that could take weeks.
Cybersecurity experts say the complexity and interconnectedness of modern retail IT systems make recovery from such attacks slow and difficult. “Every aspect, from tracking inventory to processing card transactions, relies on intricate systems… it necessitates considerable time and expertise to investigate and confirm that the hacker has been eradicated,” said Professor Alan Woodward, cybersecurity authority at Surrey University.
The National Cyber Security Centre and law enforcement agencies are now involved in investigating the breaches at all three retailers. There is growing speculation that the incidents may be linked, possibly through a common supplier or technology platform, or that heightened vigilance following the M&S attack has led other retailers to detect and act on suspicious activity they might previously have overlooked.
Toby Lewis, head of threat analysis at Darktrace, noted: “With the information publicly available we can see two other likely scenarios: either a common supplier or technology used by all three retailers has been breached and used as an entry point to big name retailers; or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn’t have previously judged a risk.”
While all three retailers have significant operations in Scotland, including Co-Op’s hundreds of stores and M&S’s foodhalls, there are no reports of Scotland-specific impacts or disruptions beyond those experienced across the UK. All Scottish branches of the affected retailers remain open and are following the same contingency measures as elsewhere.
Both Harrods and the Co-Op have managed to contain the immediate impact of the attacks, keeping stores open and online services running, though some internal and customer-facing systems remain restricted. In contrast, M&S continues to face significant operational challenges, with experts warning that full recovery could take weeks and that the risk of further attacks remains.
The spate of attacks has been described as a wake-up call for the retail sector, with cybersecurity experts highlighting the high value of customer data and the operational risks inherent in complex, interconnected IT systems.
