2025: A Year of Rising Costs—and Escalating Cyber Threats for UK Businesses As 2025 draws to a close, UK businesses and charities have faced a surge in financial pressures—from soaring employment costs and supply chain disruptions to oil and tariff shocks. Yet, one of the most damaging expenses has been the fallout from cyberattacks, which have hit nearly half of British companies and 30% of charities over the past year. High-profile victims include retail giants Marks & Spencer, Adidas, and the Co-op Group, as well as Heathrow Airport, Harrods, and Jaguar Land Rover (JLR). The public sector hasn’t been spared either: Germany’s parliament and the UK Foreign Office (breached in October) were among those targeted. Attacks ranged from phishing scams to full-scale digital shutdowns, with some incidents costing hundreds of millions. The scale of cybercrime has reached staggering proportions. Cybersecurity Ventures estimates the global cost of cyberattacks in 2025 at $10.5 trillion (£7.8 trillion)—a figure that would rank cybercrime as the world’s third-largest economy, trailing only the US and China. The financial and operational toll underscores the growing threat to organizations across sectors.

Adidas disclosed a cyber-attack in which hackers compromised the personal data of customers who had previously contacted the company’s customer service helpdesk. While the breach did not expose passwords, credit card details, or other payment information, it involved unauthorized access to personal data, raising concerns over potential misuse for identity fraud or targeted phishing. The company notified affected individuals via email, advising them on precautionary measures such as password changes and monitoring for suspicious activity. The incident highlights the risks of data exposure even when financial details remain secure, as stolen personal information can still be leveraged for secondary attacks like credential stuffing or social engineering scams. Adidas emphasized that only a subset of customers—those with prior helpdesk interactions—were impacted, but the breach underscores the broader vulnerability of customer support systems as entry points for cybercriminals.

Adidas disclosed a data breach where attackers hacked a customer service provider and stole some customers' data, including contact information. The stolen information did not include payment-related information or passwords. Adidas immediately contained the incident and launched an investigation, collaborating with information security experts. The company notified relevant authorities and will alert affected customers. Adidas has not revealed further details about the incident, including the name of the impacted service provider, the detection date, the number of individuals affected, or if its own network was compromised.

Lapsus$ Claims Breach of Adidas Extranet, But Scope Remains Disputed The hacking group Lapsus$ has claimed responsibility for breaching the Adidas Extranet a secure portal used by the company’s business partners, suppliers, and employees allegedly exposing around 815,000 rows of data. The compromised information reportedly includes usernames, passwords, and technical details, though only 130 accounts appear to have been directly affected. Lapsus$ suggested the breach was part of a larger operation, hinting at an upcoming "something bigger." However, cybersecurity researchers at Cybernews dispute the severity of the incident, arguing that the group exaggerated its impact. The leaked data, they say, primarily originates from Double D, a French Adidas licensee specializing in combat sports, rather than Adidas itself. The exposed records include personal details such as names, email addresses, passwords, birthdates, and company information. While Lapsus$ is considered one of the most active English-speaking cybercrime groups alongside Scattered Spider and ShinyHunters analysts note that the breach may have been inflated for notoriety. The group also claimed to possess 420GB of Adidas-related data tied to the French market, though researchers found the dataset included irrelevant entries, such as SQL commands. Adidas confirmed a third-party breach in May 2025, though the connection to this incident remains unclear. The potential for phishing attacks using the leaked data persists, but experts caution against overstating the breach’s scale.

Nike and Under Armour Hit by Ransomware Attacks as Cyber Threats Target Major Brands Nike and Under Armour have become the latest high-profile victims of ransomware attacks, with cybercriminals leveraging extortion tactics to demand payments. The incidents highlight the growing threat to global apparel brands, following similar breaches at Adidas and The North Face last year. Nike is currently investigating a potential cybersecurity incident after the ransomware group WorldLeaks claimed responsibility, threatening to release stolen data by 6 p.m. Saturday unless a ransom is paid. While the full scope of compromised data remains unclear, ransomware attacks typically involve customer details such as names, emails, and birthdates. Nike confirmed it is actively assessing the situation, stating, “We always take consumer privacy and data security very seriously.” Under Armour, meanwhile, disclosed a breach that occurred in November 2023, with the ransomware gang Everest taking credit. Initial reports suggested 72 million email addresses were exposed, but a source close to the investigation disputed this, indicating only a “fraction” of that number was compromised. Under Armour confirmed the breach but emphasized that its e-commerce platform (UA.com) and payment systems remain unaffected. The company is working with external cybersecurity experts to determine the full impact. These attacks follow a pattern of escalating cyber threats against major fashion and apparel brands. Last year, Adidas confirmed a breach via a third-party customer service provider, exposing consumer contact details but no financial data. The North Face also faced a credential-stuffing attack, though payment information remained secure. International brands, including Dior, Harrods, Kering, and Marks & Spencer, have also been targeted in recent years. As ransomware groups continue to pressure victims with public leaks and countdown threats, the incidents underscore the persistent risks to corporate data security in the retail sector.

The athletic apparel manufacturer Adidas declared that it has opened an inquiry following information about a possible security breach that might affect millions of its clients in the United States. An attacker may have gained unauthorised access to client data, including email addresses, encrypted passwords, and addresses, according to the German sportswear manufacturer. Contact details, usernames, and encrypted passwords are among the limited material, according to the early inquiry. Adidas has no grounds to think that the consumers' payment card or fitness information was compromised.