Walk through the security gates at a flagship Adidas store and you’ll see cameras, staff, and digital tills humming in sync. But behind that sleek retail front end, something far less visible is at play — a quiet but accelerating attack on retail from the inside out. And it’s no longer just about stolen trainers or perfume. It’s about stolen credentials, data leaks, digital fraud, ransomware, and a criminal economy that’s evolving faster than many retailers can respond.
If you’re in cybersecurity, it’s time to stop thinking of retail as low risk. Harrods, Co-op, M&S — they’ve all been targeted. And not just physically.
The New Face of Retail Crime: Organised, Digital, and Relentless
Retail used to mean shoplifting and shrinkage. Now it means social engineering, phishing, and vendor compromise.
Harrods confirmed in May 2025 it had been hit by a cyber attack that impacted internal systems. According to company statements, the incident involved a credential harvesting campaign — one of the most common ways attackers gain access to enterprise networks today. No customer payment data was exposed, but internal functionality was affected (Reuters, 2025).
M&S was also recently targeted in a cyber incident that disrupted operations and forced parts of its online systems offline. The attack originated through a third-party supplier, a tactic linked to the cybercriminal group Scattered Spider — known for breaching companies via trusted service providers (The Guardian, 2025).
In both cases, the attackers didn’t breach through the front door. They came in through the people and the partners.
Why Retail? Because It’s a Perfect Storm
Let’s break it down.
- Volume of transactions: Thousands per day, which makes anomaly detection hard.
- High turnover environments: Staff often don’t receive regular cybersecurity training.
- Third-party dependencies: Retail IT ecosystems rely on countless external systems — loyalty apps, payment gateways, analytics platforms.
- Legacy systems: Many stores still run outdated operating systems and insecure remote access tools.
Attackers see all of this. And they are exploiting it.
Retailers have become popular targets for malware distribution campaigns, data theft, and even ransomware gangs looking for maximum impact with minimum resistance. And it’s not just back-end systems. Frontline devices — tills, tablets, self-checkouts — are often exposed in ways that make lateral movement easy once an attacker is inside.
When the Attack Hits the Tills
Unlike breaches in finance or healthcare, attacks on retail are visible. Systems go down. Payments fail. Staff are stuck. Sales are lost.
When M&S was hit, customers experienced checkout failures and delays to online orders. In Harrods’ case, staff had to manage operations manually while internal systems were restored. While full technical details weren’t released, both incidents highlight a painful truth: the cost of downtime during trading hours is immediate, visible, and brutal.
And as retailers continue integrating third-party logistics, AI-driven analytics, and cloud-hosted POS tools, that attack surface will only expand.
Security in Retail Can’t Be an Afterthought
Digital transformation has accelerated across retail — but security hasn’t always kept pace. Cyber risk in retail is no longer just about compliance. It’s operational.
Retailers need to:
- Train staff regularly, especially those on the front line.
- Segment networks to isolate payment systems from general IT.
- Implement strong access controls, including MFA for all users and partners.
- Vet and monitor third-party suppliers — especially those with backend access.
- Build and rehearse incident response plans, with clear escalation paths for store-level disruptions.
Final Thoughts: It’s Still About People
Cybersecurity in retail isn’t just about firewalls and endpoints — it’s about the people who scan items, approve invoices, open attachments, and trust what looks real.
The attackers know this.
Which is why the most resilient retailers in 2025 will be the ones who invest in people, process, and partnerships — not just technology.
Sources:
Harrods is latest British retailer to be hit by cyber attack – Reuters, May 2025
M&S cyber attack linked to Scattered Spider – The Guardian, April 2025
British Retail Consortium: Retail crime spiralling out of control – BRC, 2024