THE RETAIL BULLETIN - The home of retail news
Lest we forget
Click here
Home Page
News Categories
Commentary
CX
Department Stores
Desert Island Stores
Electricals and Tech
Entertainment
Fashion
Food and Drink
From the Archive
General Merchandise
Grocery
Health and Beauty
Home and DIY
Interviews
People Strategy
Retail Business Strategy
Property
Retail Solutions
Electricals & Technology
Sports and Leisure
TRB conference review
Christmas Ads
Shopping Centres, High Streets & Retail Parks
Uncategorized
Retail Events
People in Retail Awards 2025
Retail HR North 2026
Retail Ecom North
Customer Centric Retail
Retail HR Central 2026
Future of Retail Operations
Upcoming Retail Events
Past Retail Events
Retail Insights
Retail Solutions
Advertise
About
Contact
Subscribe for free
Terms and Policies
Privacy Policy
Real-world retail cyber attack examples

In today’s digital-first world, the threat of retail cyberattacks has never been more tangible. Nobody is safe, from high-end to mass chain stores. Digital progress through… View Article

COMMENTARY

Real-world retail cyber attack examples

30 October, 2025 | by Angela Beevers

In today’s digital-first world, the threat of retail cyberattacks has never been more tangible. Nobody is safe, from high-end to mass chain stores. Digital progress through every new system, app, or online touchpoint creates an opportunity for enterprising hackers to search for a vulnerability.

Retail cyberattacks are more than just an IT issue; they’re a boardroom concern. The effects range from disrupted businesses and reputational damage to lost consumer loyalty and can result in losses measured in millions of pounds. Retail leaders need to understand what’s happening in the industry and why, so they can build a retail business resilient enough to withstand even the toughest digital blows.

This blog uncovers some real-world examples of large-scale retail cyberattacks, including how well-known e-commerce brands in the UK were attacked, where they went wrong, and the lessons that can be learnt to build stronger cyber defences.

What are retail cyberattacks?

Retail cyberattacks are unauthorised intrusions on digital retail operating systems through unlawful means. These attacks include:

  • Phishing attacks: fraudulent, sophisticated phishing campaigns or messages targeting employees or customers to steal personal data, including credentials or payment info.
  • Ransomware: a type of malicious software that encrypts systems and demands payment to restore access.
  • Point-of-Sale (POS) malware: infects payment systems to steal credit card data.
  • SQL injection: exploits website databases to access or manipulate customer data, such as email address, date of birth, etc.
  • Distributed Denial of Service (DDoS): overwhelms retail websites, causing downtime and lost sales.
  • Credential stuffing: uses stolen passwords from other data breaches to access retail accounts.
  • Man-in-the-middle (MITM) attacks; intercept data between customers and retailers during online orders and transactions.
  • Supply chain attacks: compromise third-party vendors or software used by retailers.
  • Skimming attacks: install malicious code or devices to capture card data during checkout (online or physical).
  • Insider threats: employees or contractors misusing access to steal data or disrupt operations.

Examples of cyber attacks in the retail industry

Subscribe to TRB

The best way to see how retail cyber attacks unfold and what lessons can be drawn from them is by studying real-world cyber incidents. Here, we present a few high-profile examples that illustrate how creative and devastating cybercriminals have become in the last few years.

1. Harrods

In 2025, the UK retail sector has faced a wave of high-profile cyberattacks, with luxury department store Harrods among the latest victims. Hackers reportedly stole data relating to 430,000 customer records from a third-party provider, including basic personal information such as names, contact details, and loyalty card data.

Harrods confirmed that no payment details or passwords were compromised and has refused to engage with the attackers. The breach follows a series of cyber incidents across major UK brands: Co-op reported a £206 million loss in sales after a data theft affecting 6.5 million members.

London The Famous Harrods,Department,Store

2. M&S (Marks & Spencer)

M&S was targeted by the Scattered Spider and DragonForce ransomware groups in April 2025. Tata Consultancy Services (TCS) employees were tricked in a social engineering scam that provided access to attackers. The hackers used ransomware to disable the online operations of M&S for nearly a month and steal consumers’ data from more than 600 computers. They demanded a ransom to decrypt and prevent data theft.

The M&S ransomware compromise made news as one of the largest recent retail attacks. Social engineering attacks, in which hackers try to influence humans rather than computers, are another rising danger that this incident highlighted. And the consequences of such attacks are not limited to the affected retailer but also impact other brands, too, like Sosandar.

Queries such as “Has Marks and Spencer’s cyberattack been fixed?” and “How much did M&S lose?” trend online, which gives a sense of how much concern the public has about such events. 

3. Pandora

Pandora Store In Shopping Mall

In 2025, jewellery giant Pandora joined the growing list of major retailers caught in the crosshairs of cyberattacks. Hackers gained access to customer data not through Pandora’s own systems, but through a third-party Salesforce platform. Around 30,000 customers, mostly in the UK, had basic personal details exposed, including names, email addresses, and dates of birth. Thankfully, no passwords or payment information were compromised.

Investigators believe the breach was the work of ShinyHunters, a group known for exploiting Salesforce weaknesses using phishing and social engineering tactics. Pandora acted quickly to contain the incident, cut off unauthorised access, and notify affected customers. The company also confirmed there was no evidence that the stolen data had been published online.

The attack underscores a growing problem in retail cybersecurity: the weak links hidden in supply chains and third-party systems. Even brands with strong internal defences can be exposed through the tools and vendors they rely on every day. 

4. Morrisons

In one of the most famous UK retail data breaches, a Morrisons employee leaked payroll details of nearly 100,000 staff. Over 2,000 staff members pursued legal action in the aftermath.

The incident proves that threats which occur within domestic territory present the same level of danger as threats that come from foreign territories. Retailers focus on hacker protection, but their systems face equal or greater threats from intentional or unintentional employee actions that result in data misuse.

5. Tesco Bank

Tesco Bank was a target of NFC-based fraud in 2016 when cybercriminals accessed stolen customer information to create fraudulent mobile wallets. These accounts were then exploited to conduct low-value ‘tap and go’ contactless transactions that impacted some 9,000 members of the public at a cost estimated to be £2.5 million. Tesco Bank halted some transactions, repaid victims and enhanced its payment security controls as a result of the breach.

The Tesco Bank hack provided another example of how new payment technologies are creating additional points for fraud. With the rise of digital wallets, NFC and biometric payments in retail security, businesses need to continuously assess their cybersecurity threats in retail to keep up with increasingly sophisticated attackers.

6. Tesco Clubcard Loyalty Scheme

In early 2020, Tesco‘s Clubcard loyalty scheme was hit by a credential stuffing attack, with sources estimating that some 600,000 accounts had been compromised. Attackers used stolen login credentials from unrelated breaches to break into accounts where customers had reused passwords. Tesco soon discovered the fraud and closed the accounts involved, advising affected customers to reset their passwords in order to avoid a repeat occurrence.

The lesson here is that people reuse passwords. Merchants also need to consider additional authentication methods and campaigns to educate the public further about the problems occurring in their environment.

7. Currys PC World and Dixons Travel

Currys PC World and Dixons Travel stores were compromised by a cyberattack that had managed to lift payment card and personal details of some 14 million of their customers using the PoS (Point-of-Sale) systems between July 2017 and April 2018. The breach let hackers collect some 5.6 million payment card details. The retailer was later handed a £500,000 fine by the UK Information Commissioner’s Office over serious security failings.

This case is a reminder of the risks from legacy systems and inadequate endpoint protection. Merchants that are still using older payment systems or out-of-date software are also at the top of the cybercriminals’ hit list.

The alarming state of retail cybersecurity in the UK

The National Cyber Security Centre (NCSC) has cautioned that UK retailers are still among the most targeted in the world. In addition, NordVPN names the UK as the third most targeted country for internet malware

Retailers are vulnerable in particular because they deal with tremendous quantities of personal information and customer data, conduct numerous transactions online, and rely heavily on complex supply chains. One weak link, a vendor, an employee or even an out-of-date point-of-sale terminal, can be the door through which hackers enter. 

This unfortunate trend should urge retailers to make security an integral part of their digital transformation strategy, not a late-stage add-on.

The role of AI and automation in retail cybersecurity

New risks for retail businesses and consumers are also posed by the use of AI in retail. While it’s true that AI brings many benefits, it’s also true that, as AI is introduced in the retail mix, retailers must recognise that automation will not eliminate other threats and may actually create new attack surfaces. 

The benefits and pitfalls of AI in cyber defence

AI-driven systems can enhance retail cybersecurity by:

  1. Analysing large, complex data sets. AI can analyse large, complex data sets to identify hidden patterns and emerging threats and act faster than human security teams alone. However, machine learning models require a significant amount of high-quality data to effectively identify cyber threats, and simply throwing data at them isn’t enough to catch every type of threat. Cyber threats are constantly evolving, and if the model has never encountered a new or advanced threat before, it might not detect it.
  2. Monitoring systems in real time to detect abnormal transactions or malware behaviour. Many large, complex companies are exploring the use of artificial intelligence (AI), including machine learning, to process large data sets and monitor their systems in real time. AI-driven automated solutions can spot suspicious activities, like abnormal transactions and malware behaviours, in no time and act swiftly in a way humans alone cannot.
  3. Reducing response times, enabling faster action than human analysts alone. With these AI-based detection systems, companies can cut the time it would take a human analyst to assess and respond to suspected attacks, which gives businesses more proactive and effective cyber defences. But such systems require ongoing updates, high-quality data and human oversight to respond to new threats and minimise false alarms.
  4. Improving operational efficiency by automating repetitive security monitoring tasks. On the other hand, over-reliance on automation can reduce human vigilance, while integration with legacy systems and third-party AI tools may expose additional vulnerabilities. Attackers are also using AI offensively, creating deepfakes, hyper-targeted phishing campaigns, and automated attacks that are harder to detect.

In short, AI and machine learning can accelerate detection and response, but they must be part of a balanced cybersecurity strategy that combines automation with human judgment, transparency, and ethical data practices.

Why is cybersecurity so hard to get right?

If the examples above are any lesson, it’s that cybersecurity isn’t black and white.

Retail faces the perfect storm of cybersecurity challenges that include:

  1. IoT and connected devices: any smart shelves or self-checkout systems can introduce additional new risks.
  2. Insider threats: employees and contractors can inadvertently (or intentionally) compromise security.
  3. Supply chain vulnerabilities: as illustrated in the case of the Aldi supply chain, third-party suppliers can leave entire networks exposed.
  4. Bring Your Own Device (BYOD) policies: personal devices can serve as an entry point for attacks when there are no security controls in place.
  5. Budget constraints: Too many directors continue to consider cybersecurity an expense that can be pushed back in terms of priority in favour of investing more in the areas of inventory or logistics.
  6. Budget constraints. One of the largest challenges when it comes to cybersecurity remains how to get funding approved for cybersecurity.

Ways for retailers to stay ahead of cyber criminals

Retailers who combine proper investments with educational efforts can establish robust digital security systems that defend their business operations and customer data.

What can retailers do to avoid becoming the next headline and secure their path to cyber survival?

  1. Prioritise cyber awareness training. Your business relies on its employees to act as its primary defence system.
  2. Modernise legacy systems. Retailers need to promptly replace their current outdated software and payment systems because hackers will discover their existing security weaknesses quickly.
  3. Perform periodic penetration tests and audits. Don’t be surprised if, during an incident, you realise that the one thing you should have fixed was your weak security approach.
  4. Secure your supply chain. All partners and vendors need to follow cybersecurity compliance standards.
  5. Invest in cyber insurance and establish plans to develop resilience. The cost of preventive measures is lower than the combined expenses of dealing with security breaches that have already occurred.

Final thoughts

Retailers can no longer look upon cyber attacks as a faraway threat. Your business will suffer significant financial losses and permanent damage to its reputation because of phishing scams, ransomware attacks, and internal data breaches.

This substantial risk highlights the need for improved security measures and effective retail cybersecurity solutions. Leading retailers are already reinventing their defences and cultivating a new breed of cybersecurity for the new shopping experience.

Never be left behind. Build a resilient retail business. Discover emerging technology trends in retail at the Future of Retail Operations event.

Register today.

 

Subscribe For Retail News