The UK retail sector has come under siege in 2025, with an unprecedented wave of cyber attacks. After the Ticketmaster breach in 2024 where millions of users were affected, one would assume retailers had taken note. However, From Marks & Spencer to Louis Vuitton, companies large and small are grappling with relentless, tech-enhanced intrusions that threaten customer trust and digital resilience. It’s almost a daily occurrence these days receiving an email from a company apologising for a data breach. There also seems to be no retailer safe regardless of their size or stature. Sometimes it is a retailer that you may not have even shopped with for a number of years at which point I’m sure you must be thinking, ‘What’s their data retention policy?’
Below we take a look at some of the major breaches and attacks of 2025 and what you can do to protect your information online.
High-Profile Retail Cyberattacks of 2025
Here’s a snapshot of the most disruptive recent cyber incidents:
| Company | Date | Attack Type | Impact & Highlights |
| Louis Vuitton UK | July 2025 | Data breach | Customer contact details & purchase history stolen; phishing scams followed |
| Marks & Spencer | April 2025 | Ransomware | £3.8M/day in lost revenue; £700M market value wiped; credential theft via vendor |
| Harrods | May 2025 | Attempted breach | Real-time containment; no confirmed data loss but serious operational disruption |
| Co-op UK | May 2025 | Ransomware | Customer data compromised; back-office systems disabled |
| Peter Green Chilled | May 2025 | Ransomware | Disrupted cold-chain deliveries to Tesco, Aldi, Waitrose |
| Victoria’s Secret | Spring 2025 | Web attack | E-commerce platform outage during peak shopping period |
These incidents underscore one clear truth: cybercrime is evolving, and no retailer, no matter its size or prestige, is immune. What is worrying is, companies with infinite resources are still extremely vulnerable.
The Role of AI
In many of these data breaches, AI was used by hackers to accelerate and deepen the damage. Their tactics included:
- Hyper-Personalised Phishing: AI-generated messages mimicked trusted communications, referencing recent purchases to trick recipients. Louis Vuitton customers received convincing fake discount offers.
- Credential Cracking and MFA Bypass: AI automated brute-force login attacks, while adversary-in-the-middle techniques stole session tokens to sidestep multi-factor authentication.
- Network Reconnaissance: Malicious bots used AI to scan retail systems, identify vulnerabilities, and map out supply chains for deeper impact.
- Autonomous Ransomware: Sophisticated strains like DragonForce adapted in real time to avoid detection and self-propagate through connected systems.
- Voice Phishing (Vishing): AI-generated voices impersonated IT staff to deceive employees into disclosing access credentials; a tactic especially potent in luxury retail.
AI has supercharged cybercrime, making attacks faster, more targeted, and far harder to detect. With the emergence of (RaaS) ransomware as a service and (DLS) there is now a marketplace for our data that is much more accessible.
How Consumers Can Protect Their Data
While companies bear the financial burden of breaches, consumers often suffer the most; through stolen data, financial fraud, and disrupted services. Lessons for consumers include:
- Even luxury brands are vulnerable – don’t assume prestige equals protection.
- Cyberattacks are increasingly tailored based on what you buy, how often you shop, and where you live.
- Supply chains and vendor access are weak points; your data might be exposed even if the retailer itself isn’t directly breached.
Whether you shop in-store or online, these simple steps can dramatically improve the security of your personal data:
Digital Defence
- Use Strong, Unique Passwords: A password manager can help you avoid reuse and weak combinations.
- Enable Multi-Factor Authentication: Critical for accounts tied to payments or personal information.
- Monitor Your Financial Activity: Check bank statements and credit reports for irregularities. Set up alerts where possible.
- Be Phishing-Aware: Always verify communications by visiting the retailer’s official website. Don’t click suspicious links or download unexpected attachments.
- Don’t Save Your Payment Data: If you can avoid saving your payment/address details with a retailer online then always avoid.
Data Discipline
- Limit the Personal Data You Share: Don’t offer extra details to loyalty schemes or retailers unless absolutely necessary.
- Freeze Your Credit (If Breached): Prevent identity thieves from opening new accounts using your stolen details.
Payment Hygiene
- Use Credit Cards Online: They offer better fraud protection and don’t expose your actual bank balance. In addition, you have certain buyer protections when buying on credit card.
- Avoid Public Wi-Fi for Shopping: Use a VPN or shop from secure, private networks.
The digital age has made shopping easier; but also riskier. Cybersecurity now requires a partnership between retailers and consumers. Companies must implement
zero-trust architectures. AI-powered threat detection and employee cyber-awareness training. Meanwhile, consumers should stay informed, cautious, and quick to respond when their personal data is at risk.
According to Stanford University’s recent study, human error accounted for 88% of data breaches and a recent Accenture study found that there has been a 97% increase in cyber threats since the start of the Russia/Ukraine war.
We have two workshops coming up (How to Increase Cyber Security in your Organisation and Cyber Security for DPOs) which are ideal for organisations who wish to upskill their employees about cyber security.
