Harrods becomes latest UK retailer to face cyber threat as M&S’ struggles persist

Hey there, time traveller!
This article was published 02/05/2025 (222 days ago), so information in it may no longer be current.

LONDON (AP) — British retailer Marks & Spencer said Friday that it’s “working day and night” to resolve a cyberattack nearly two weeks ago that has left it unable to process any online orders, a day after luxury London department store Harrods confirmed it had become the latest target.

With Co-op also having shut down some of its information technology systems as a precaution following a hack, there are growing concerns within the retail sector that hackers are taking calculated risks by trying to replicate the actions of others to cause as much disruption as they can.

According to reports, a hacking group known as Scattered Spider is said to be behind the M&S attack, although this hasn’t been confirmed. It remains unclear if the three attacks are linked.

So far, M&S has been the most high-profile victim of the recent spate of attacks, and its chief executive Stuart Machin told customers that he is “really sorry” about the disruption.

“We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible,” he said.

M&S first reported the issue over the Easter weekend two weeks ago and has seen its operations impacted for more than a week. Initially, the company saw contactless payments and click and collect orders affected, though contactless has since been restored.

Last Friday, it also said it would no longer be able to take orders through its website or app in order to deal with the problem. And the company, which has around 65,000 employees, has been unable to hire new workers after pulling job postings from its website.

London’s Metropolitan Police force has launched an investigation into the attack on M&S.

M&S’s latest update comes a day after Harrods said it had restricted internet access across its sites as a precautionary measure following an attempt to gain unauthorized access to its systems.

“We are not asking our customers to do anything differently at this point, and we will continue to provide updates as necessary,” Harrods said in a statement.

“Coming on the heels of recent breaches at Co-op and M&S, it highlights an alarming trend,” said Cody Barrow, chief executive of cybersecurity experts EclecticIQ. “The flurry of attacks showed cybercriminals are becoming bolder, exploiting weaknesses across complex, highly interconnected supply chains.”

Experts are saying that generative artificial intelligence is accelerating the threat landscape, and that firms and individuals have to stay on top of developments and shore up their defenses against cyberattacks.

The U.K. National Cyber Security Centre said that it was working with organizations affected as well as providing expert advice to others in the sector.

“These incidents should act as a wake-up call to all organizations,” agency CEO Richard Horne said.