Why Retailers Must Act on MFA: Lessons from Recent Cyber Attacks

Retailers in the UK are increasingly finding themselves in the crosshairs of cybercriminals. The recent wave of attacks on high-street names like Marks & Spencer, Co-Op, and Harrods is a stark reminder that no brand, no matter how well-established, is immune from digital threats.

These incidents weren’t isolated. They’re part of a wider trend where criminals use tactics like ransomware-as-a-service, social engineering, and compromised credentials to infiltrate retail networks. In many cases, weak or inconsistently applied multi-factor authentication (MFA) policies leave a door wide open.

It’s no longer enough to rely on passwords. Retailers must adopt MFA across all systems, particularly for admin accounts and critical applications, to stop criminals before they can access sensitive data, systems, or customer information.

Real-World Retail Attacks

  • Marks & Spencer was among several major UK retailers recently targeted in a ransomware campaign. Though details remain limited, the incident prompted widespread concern about the vulnerability of customer-facing systems and internal infrastructure.
  • Harrods experienced a cyber-attack in mid-2024 that led to operational disruptions and concerns about the exposure of employee data. Threat actors reportedly used social engineering techniques to bypass authentication measures, likely exploiting weak MFA implementation or helpdesk protocols.
  • Co-Op was also impacted by a cyber incident affecting internal systems. While the retailer quickly responded, the event highlighted gaps in resilience and response readiness across large-scale, decentralised operations.

In all these cases, the National Cyber Security Centre (NCSC) became involved, offering support and reinforcing guidance on the use of MFA, secure helpdesk procedures, and monitoring of privileged accounts.

The Role of MFA in Preventing Breaches

MFA is one of the most effective ways to prevent unauthorised access, even if credentials are stolen.

When properly implemented, MFA ensures that access requires more than just a username and password.

Importantly, the NCSC has issued direct recommendations to the retail sector that include:

  • Enforce MFA across all accounts, particularly for cloud, admin, and IT support personnel
  • Harden helpdesk protocols to prevent attackers from tricking support teams into resetting passwords or MFA tokens
  • Monitor for suspicious login behaviour, such as logins from residential IP ranges or VPNs
  • Limit Domain and Enterprise Admin access, and audit regularly for anomalies
  • Use threat intelligence tools to detect and respond to evolving attacker techniques

Social Engineering: The Emerging Threat

Groups like ‘Scattered Spider’ have been linked to recent attacks. Their method? They trick IT helpdesks into resetting MFA or passwords for high-privilege accounts by impersonating legitimate staff. Without strict authentication protocols, even a well-trained team can fall victim.

Retailers should:

  • Train helpdesk teams to verify identity using multi-step checks
  • Use MFA reset approvals that require secondary validation from line managers or automated triggers
  • Avoid using SMS-based MFA where possible, opting for authenticator apps or physical security keys
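As an added illustration of the monitoring and reset-approval points above (not code from the original post or from any vendor tool), the following Python script reviews constructed identity audit events: it flags privileged logins from ranges the organisation has classified as residential or VPN, and MFA resets on privileged accounts that have no recorded secondary approval. The range list, role names and event fields are assumptions.

```python
"""Flag identity events that need review (constructed sample data)."""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

# Hypothetical: prefixes an organisation has classified as residential/VPN,
# normally sourced from its own threat-intelligence feed. These are
# documentation-only example ranges, not real indicators.
UNTRUSTED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]
# Roles the NCSC guidance singles out: admin and IT-support accounts.
PRIVILEGED_ROLES = {"domain_admin", "enterprise_admin", "it_support"}


@dataclass
class Event:
    kind: str                 # "login" or "mfa_reset"
    user: str
    role: str
    source_ip: str
    approved_by: Optional[str] = None   # line manager who approved a reset


def is_untrusted(ip: str) -> bool:
    """True if the source address falls in a residential/VPN range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in UNTRUSTED_SOURCES)


def flag(event: Event) -> List[str]:
    """Return the reasons an event needs review (empty list = nothing to flag)."""
    reasons = []
    privileged = event.role in PRIVILEGED_ROLES
    if event.kind == "login" and privileged and is_untrusted(event.source_ip):
        reasons.append("privileged login from residential/VPN range")
    if event.kind == "mfa_reset" and privileged and not event.approved_by:
        reasons.append("MFA reset on privileged account without secondary approval")
    return reasons


# Constructed sample audit trail: two clean events, two that should be flagged.
SAMPLE_EVENTS = [
    Event("login", "alice", "domain_admin", "10.0.0.5"),
    Event("login", "alice", "domain_admin", "203.0.113.7"),
    Event("mfa_reset", "bob", "it_support", "10.0.0.9"),
    Event("mfa_reset", "bob", "it_support", "10.0.0.9", approved_by="carol"),
    Event("mfa_reset", "dave", "sales", "10.0.0.12"),
]


def review_queue(events: List[Event]):
    """Collapse flagged events into (user, kind, reason) tuples for an analyst."""
    return [(e.user, e.kind, r) for e in events for r in flag(e)]


if __name__ == "__main__":
    for item in review_queue(SAMPLE_EVENTS):
        print(item)
```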

Prevention is Cheaper Than Recovery

Preparation isn’t just about blocking attacks; it’s about detecting and containing them before they cause damage. With MFA, you make it exponentially harder for criminals to gain access, even when credentials are compromised.

As an RSA Security Gold Partner, we offer advanced tools that enable:

  • Passwordless login
  • Adaptive MFA based on risk level
  • Federated access for retailers with hybrid cloud environments

Get in touch for more information on how we can help you succeed and stay safe.
