Cyber Attacks on UK Retailers: What Happened and Why SMEs Should Act Now

In recent weeks, major UK retailers including M&S, The Co-op, Harrods, and now Dior have been hit by cyberattacks — a stark reminder of the rising threat of cybercrime and a clear wake-up call for SMEs.

Marks & Spencer (M&S)
M&S fell victim to a sophisticated ransomware attack over the Easter weekend, orchestrated by the hacker group Scattered Spider. The group deployed a variant of ransomware known as DragonForce, exploiting system vulnerabilities to gain unauthorised access to customer data. Information such as names, addresses, dates of birth, and order histories was compromised. Fortunately, payment details and passwords remained secure.

As a result of the breach, online orders were suspended from 25 April, and in-store operations were disrupted. The financial impact has been severe, with over £1.2 billion reportedly wiped from the company’s market value.

The Co-operative Group (Co-op)
The next victim of a ransomware attack was the Co-op. This time, the attackers crippled the company’s ordering and logistics systems, leading to widespread supply chain disruption, particularly in rural areas. Both customer and employee data, including contact details and birth dates, were accessed. While payment systems continued to function, the breach caused significant operational issues and reputational damage.

Harrods
Luxury retailer Harrods reported a cyberattack around the same period. The attempted breach was identified and mitigated swiftly, though it still prompted the retailer to restrict internet access in stores as a precautionary measure. While less damaging, the incident highlights the increasing threat faced by UK retailers.

Dior

Dior is the latest victim of a cyberattack, after discovering unauthorised access to a customer database in China. While no financial data was involved, personal and purchase details were exposed, increasing the risk of fraud and phishing. Dior is urging customers to remain vigilant.

How These Attacks Happened

The cyberattacks on M&S and the Co-op were driven by social engineering. Attackers posed as internal IT staff to deceive help desk personnel into resetting passwords. This allowed them to infiltrate internal systems and deploy ransomware.

Once inside, they encrypted critical data and threatened to leak sensitive information unless a ransom was paid.

A Warning for all Businesses to Check their Security Posture

It’s a common misconception among small and medium-sized businesses that cybercriminals only target large organisations. The reality? Around one in five UK businesses, including a quarter of all small firms, experienced a cyberattack in the past year.

The key difference between businesses that survive and those that suffer lasting damage is preparation. Here’s what SMEs should be doing now:

  • Get Cyber Essentials certified
    This government-backed scheme provides a solid foundation for cyber protection and demonstrates your commitment to data security.
  • Employee education
    Employees should be able to identify phishing emails, suspicious requests, and impersonation tactics.
  • Improve cyber hygiene
    Keep systems updated, use strong and unique passwords, and ensure backups are secure and regularly tested.
  • Have an incident response plan
    Know how to isolate affected systems, inform stakeholders, and recover operations efficiently.

Understanding Social Engineering

Social engineering is one of the most effective tactics used by cybercriminals. It relies on manipulating human behaviour, rather than breaking through technical defences. Common methods include:

  • Pretexting – Using fabricated stories or identities to gain trust and access.
  • Phishing – Deceptive messages that trick recipients into revealing sensitive information or clicking malicious links.
  • Baiting – Offering fake incentives or downloads laced with malware.
  • Tailgating – Gaining physical access to secure areas by following authorised personnel.

In the recent attacks, pretexting was the method of choice. Hackers impersonated IT staff to persuade help desk workers to reset credentials and grant access.

Best Practices to Protect Against Social Engineering

To reduce the risk of social engineering, implement these practical measures:

  • Employee awareness training – Regularly educate staff on identifying and reporting suspicious activity.
  • Strict verification protocols – Always verify a requester’s identity before granting access or resetting credentials.
  • Multi-factor authentication (MFA) – Require more than just a password to access critical systems.
  • Regular security audits – Proactively assess your systems to uncover vulnerabilities.
  • Robust incident response planning – Prepare for the worst with a tested, well-documented action plan.

By embedding a culture of security awareness and ensuring staff are equipped to spot potential threats, organisations can dramatically reduce their risk of a social engineering attack.
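The verification step above can be enforced by process rather than left to an individual agent's judgement. As an added example, not code from the original article, the following Python models a help-desk reset gate that refuses to act on an inbound call or chat alone; the account names, group names and sample requests are constructed for illustration.

```python
"""Help-desk credential-reset gate (added example, not from the original article).

Encodes the control the article calls for: a password reset is actioned only
after the requester's identity is verified out of band, never on the strength
of an inbound call or chat claiming to be 'IT'. Fields, group names and the
sample requests are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Set

# Accounts whose reset would hand an impersonator the keys to the estate.
PRIVILEGED_GROUPS = {"domain-admins", "it-helpdesk", "finance-approvers"}

@dataclass
class ResetRequest:
    account: str
    groups: Set[str]
    channel: str               # how the request arrived: "inbound-call", "chat", "ticket"
    callback_verified: bool    # help desk rang back the HR-registered number
    id_checks_passed: int      # independent identity questions answered correctly
    manager_approved: bool     # line manager confirmed via a second channel
    audit: List[str] = field(default_factory=list)

def decide_reset(req: ResetRequest) -> str:
    """Return 'approve' or 'deny'; the reason is appended to req.audit."""
    # Rule 1: an inbound contact is never trusted by itself. The help desk
    # must initiate the callback to a number already on file.
    if not req.callback_verified:
        req.audit.append(f"deny: {req.channel} contact not confirmed by callback")
        return "deny"
    # Rule 2: at least two independent identity checks must pass.
    if req.id_checks_passed < 2:
        req.audit.append(f"deny: only {req.id_checks_passed} identity check(s) passed")
        return "deny"
    # Rule 3: privileged accounts additionally need manager approval.
    if req.groups & PRIVILEGED_GROUPS and not req.manager_approved:
        req.audit.append("deny: privileged account reset without manager approval")
        return "deny"
    req.audit.append("approve: callback verified and identity checks passed")
    return "approve"

# Constructed sample: a caller claiming to be IT asks for an admin reset.
IMPERSONATION_ATTEMPT = ResetRequest("svc-admin", {"domain-admins"}, "inbound-call",
                                     callback_verified=False, id_checks_passed=1,
                                     manager_approved=False)
# Constructed sample: a staff member who followed the full process.
LEGITIMATE_REQUEST = ResetRequest("jsmith", {"staff"}, "ticket",
                                  callback_verified=True, id_checks_passed=2,
                                  manager_approved=False)
```

The audit list gives the help desk a written reason for every decision, which is what an incident responder will want to see when reconstructing how a reset was requested.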

Act Now

The recent incidents involving some of the UK's largest retailers are a harsh reminder that no organisation is immune. As cybercriminals become more sophisticated, businesses of all sizes must take cybersecurity seriously.

Taking action now — improving defences, training your team, and planning for incidents — is not just good practice; it’s essential.

Want to strengthen your cybersecurity posture?
Get in touch with our team to explore our tailored security services and practical advice for protecting your business.
