Key Insight
Cyber attacks targeting the retail sector have surged in 2024-2025, with cyber criminals exploiting a variety of vulnerabilities, from third-party vendor weaknesses to inadequate security controls within the organizations themselves. These attacks have resulted in significant data breaches, financial losses, and operational disruptions. Even well-established retail giants are falling victim to these growing threats, underscoring the need for improved cyber security measures across the sector.
What is happening?
The retail sector has become a prime target for cyber criminals, with attackers exploiting multiple points of weakness within organizations. This includes third-party vendor vulnerabilities, outdated systems, and insufficient internal security practices. In 2024-2025, several high-profile retail companies have experienced significant breaches, with impacts ranging from the theft of payment card information to the exposure of personal customer details. For instance:
- Marks and Spencer breach – A cyber attack tied to the Scattered Spider ransomware group compromised customer data and disrupted order processing. It took Marks & Spencer a significant amount of time to resume operations, including online orders, highlighting the severity and duration of the impact on their business.
- Co-op IT system shutdown – A targeted cyber attack caused the Co-op’s IT systems to shut down, affecting both operations and customer services.
- Harrods cyber attack – The luxury retailer Harrods was targeted, leading to the exposure of sensitive data and operational disruption.
- Adidas data breach – A breach involving Adidas exposed customer account information via compromised third-party services.
These incidents demonstrate the range of vulnerabilities that cyber criminals exploit in the retail sector. According to recent reports, a significant percentage of data breaches in 2024 involved third-party compromises, highlighting the need for businesses to secure both their internal and external systems effectively.
Why does this happen?
- Outdated systems – Many retail businesses still use legacy systems—outdated computer software, equipment, hardware, or technology that remains in use despite being replaced by newer alternatives. These systems are often not periodically updated or patched, making them vulnerable to exploitation by attackers.
- Inadequate internal security practices – Weak internal controls, such as insufficient restrictions on access to sensitive data or inadequate monitoring systems, increase the risk of internal and external breaches.
- Lack of internal accountability for security – Many retail organizations place complete trust in third-party vendors for security, assuming that the vendors will handle everything. This belief often leads to neglecting their own responsibility for securing data and systems, which increases vulnerability to cyber attacks.
What’s the risk?
- Loss of customer trust – A breach can significantly damage customer relationships, which are crucial to the retail industry.
- Operational disruption – Cyber attacks can halt critical business functions, causing website downtime, order processing delays, and service interruptions that affect revenue and customer satisfaction.
- Financial losses – Cyber attacks can result in regulatory fines, recovery costs, and the loss of business due to reputational damage.
- Exposure of sensitive data – Personal and financial data, including payment card information, may be exposed, leading to identity theft or fraud.
How can retail organizations defend against cyber attacks?
- Review third-party vendor access periodically – Organizations often overlook the security measures of their third-party vendors, assuming they are secure. It’s crucial to periodically review access and permissions granted to external vendors, ensuring they only have access to what’s absolutely necessary. This can help minimize potential entry points for cyber criminals.
- Avoid relying on outdated systems – Many retail businesses still use legacy systems, which can be vulnerable to cyber attacks. It's important to periodically update or replace outdated systems to ensure that they meet current security standards and do not leave the organization exposed.
- Monitor unusual internal activity – Organizations tend to focus on external threats but often neglect monitoring for unusual internal activities. Setting up monitoring tools to detect abnormal behavior within the organization can help identify potential threats before they escalate.
- Prioritize secure data transmission – Organizations often overlook the need for secure communication methods when sharing sensitive information with vendors or within the organization. Using encryption and secure communication channels helps protect data from being intercepted during transmission.
- Limit employee access and privileges – Many retail organizations give employees access to more systems and data than necessary. Limiting access based on roles and responsibilities helps minimize the risk of data exposure or unauthorized access, especially in the event of a compromised account. Equally important is promptly revoking access when it's no longer needed, as this step is often overlooked but critical for reducing the risk of unauthorized access over time.
- Don’t wait for an attack to upgrade security measures – Organizations often wait until an attack happens before addressing security gaps. Taking a proactive approach to cyber security (periodically conducting audits and testing systems) can help identify weaknesses before they’re exploited.
- Make employee cyber security awareness ongoing – Employees are often the first line of defense, but cyber security training is sometimes treated as a one-time event. It’s important to continuously educate employees about the latest cyber threats and how to spot potential risks, especially as attack methods evolve.