Rankiteo
Leader in Cyber Underwriting
Harrods

Harrods Vendor Cyber Rating & Cyber Score

harrodscareers.com

As many lives, generations, cultures and stories pass through our doors, our mission remains unchanged: to serve the needs and aspirations of our customers, to create new stories and bring moments of delight. Whoever they are and wherever they come from, our customers can always expect to be treated with grace, courtesy, and care. #TogetherHarrods Open since 1834 by Charles Henry Harrod and now owned by Qatar Holding Authority, we are truly unique - a house of maisons, a modern atelier, a workshop of wonders, a convener, patron and celebrator of the world’s finest. Known around the world as one of the great luxury emporiums, we offer a transformative experience to customers who know the true value of exceptional goods and services.


Harrods A.I CyberSecurity Scoring

Harrods
Company Information
Website: https://www.harrodscareers.com
Employees number: 6,873
Number of followers: 314,936
NAICS: 43
Industry Type: Retail
Homepage: harrodscareers.com
Harrods Risk Score (AI oriented)
Between 0 and 549
Harrods, Retail
Updated: 04/04/2026
251/1000
Critical
C
Rating scale: Aaa, Aa, A, Baa, Ba, B, Caa, Ca, C
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium

Harrods
Harrods: Critical
Current Score: 251, C (CRITICAL)
Scale: 0 to 1000
11 incidents
-44.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
278 Before Incident
MAY 2026
262 Before Incident
APRIL 2026
261 Before Incident
MARCH 2026
242 Before Incident
FEBRUARY 2026
232 Before Incident
JANUARY 2026
214 Before Incident
DECEMBER 2025
247 Before Incident
Cyber Attack
29 Dec 2025, Harrods
Adidas, Heathrow Airport, Harrods, Marks and Spencer, Co-op Group and Jaguar Land Rover: How 2025 Became The Year Of The Cyberattack For British Businesses

354 After Incident
CRITICAL -107
ADIHEAHARMARTHEJAG1767017696
2025: A Year of Rising Costs—and Escalating Cyber Threats for UK Businesses

As 2025 draws to a close, UK businesses and charities have faced a surge in financial pressures—from soaring employment costs and supply chain disruptions to oil and tariff shocks. Yet, one of the most damaging expenses has been the fallout from cyberattacks, which have hit nearly half of British companies and 30% of charities over the past year. High-profile victims include retail giants Marks & Spencer, Adidas, and the Co-op Group, as well as Heathrow Airport, Harrods, and Jaguar Land Rover (JLR). The public sector hasn’t been spared either: Germany’s parliament and the UK Foreign Office (breached in October) were among those targeted. Attacks ranged from phishing scams to full-scale digital shutdowns, with some incidents costing hundreds of millions.

The scale of cybercrime has reached staggering proportions. Cybersecurity Ventures estimates the global cost of cyberattacks in 2025 at $10.5 trillion (£7.8 trillion)—a figure that would rank cybercrime as the world’s third-largest economy, trailing only the US and China. The financial and operational toll underscores the growing threat to organizations across sectors.

INCIDENT DETAILS
TYPE
phishing, data breach, digital shutdown, ransomware
IMPACT
Financial Loss: hundreds of millions of pounds
Operational Impact: digital shutdown
NOVEMBER 2025
237 Before Incident
OCTOBER 2025
225 Before Incident
SEPTEMBER 2025
268 Before Incident
Breach
01 Sep 2025, Harrods
Harrods

Harrods Data Breach via Third-Party Supplier (2025)

201 After Incident
CRITICAL -67
HAR1732117092925
Luxury London-based retailer Harrods confirmed a cybersecurity breach in September 2025, where criminals stole 430,000 customers' data from a compromised third-party supplier. The exposed information includes basic personal details (names, contact details), marketing-related data (membership tier levels, Harrods co-branded card affiliations), but no passwords or financial data. While Harrods stated the stolen marketing data was unlikely to be accurately interpreted by attackers, the breach still poses reputational and operational risks. The company refused to name the affected supplier but assured customers that its own systems remained uncompromised. Harrods also confirmed direct communication from the threat actor, though it declined to engage. This incident is separate from an earlier 2025 attack linked to the Scattered Spider hacking group, which targeted multiple UK retailers. Authorities were notified, and Harrods emphasized its focus on customer support and cooperation with investigations. The breach highlights vulnerabilities in third-party supply chains, raising concerns over data protection compliance and customer trust.
INCIDENT DETAILS
TYPE
data breach, third-party compromise
IMPACT
basic personal details (names, contact information)
marketing-related data (membership tier levels, Harrods co-branded card affiliation)
third-party supplier systems
Brand Reputation Impact: potential reputational harm (second incident in 2025)
Identity Theft Risk: low (no financial/password data exposed)
Payment Information Risk: none (no financial data compromised)
DATA BREACH
personal identifiable information (PII)
marketing data
Number Of Records Exposed: 430,000
Sensitivity Of Data: moderate (no financial/password data)
names
contact details
membership tier levels
co-branded card affiliation
AUGUST 2025
268 Before Incident
JULY 2025
256 Before Incident
JUNE 2025
307 Before Incident
Breach
16 Jun 2025, Harrods
Harrods

Harrods Confirms Major Data Breach Affecting 430,000 Customer Records

285 After Incident
CRITICAL -22
HAR1332313093025
Harrods, the iconic British luxury department store, confirmed a data breach affecting ~430,000 customer records after a third-party provider’s system was compromised. The exposed data included personal details (names, email addresses, phone numbers, marketing preferences, and loyalty card information), but no payment data or passwords were stolen. The breach originated externally, with Harrods emphasizing its internal systems remained secure. The company refused to negotiate with hackers, set up a customer helpline, and collaborated with cybersecurity experts and authorities (including the ICO) for mitigation. While the financial impact was not disclosed, the incident aligns with a broader 2025 trend of cyber-attacks on major UK retailers, eroding customer trust and highlighting vulnerabilities in third-party data handling. No ransomware was involved, and the attack was contained by the third party.
INCIDENT DETAILS
TYPE
data breach, third-party compromise
IMPACT
names
email addresses
telephone numbers
marketing preferences
loyalty card details
links to partner programs (including co-branded cards)
third-party provider system
Operational Impact: customer helpline and support portal established; collaboration with cybersecurity experts and law enforcement
Brand Reputation Impact: potential erosion of trust among affected customers; broader industry concern over third-party vulnerabilities
Identity Theft Risk: moderate (personal details exposed, but no financial or password data)
Payment Information Risk: none
DATA BREACH
personal identifiers
contact details
marketing-related data
Number Of Records Exposed: 430,000
Sensitivity Of Data: moderate (no financial or password data; includes PII like names, emails, phone numbers)
JUNE 2025
427 Before Incident
Ransomware
01 Jun 2025, Harrods
Harrods, Marks & Spencer, Co-Op and British Horseracing Authority: British Horseracing Authority hit by ransomware

British Horseracing Authority (BHA) Ransomware Attack

302 After Incident
CRITICAL -125
HARMARTHEBRI1769526687
UK Organizations Face Rising Ransomware Threats as Cyberattacks Intensify

The British Horseracing Authority (BHA) became the latest UK organization to suffer a ransomware attack in early June 2025, compromising multiple servers within its IT infrastructure. While core racing operations and general administration remained unaffected, the incident forced some IT staff to work remotely as authorities worked to contain the breach. The responsible ransomware group has not been identified, with details kept confidential for security reasons.

The attack is part of a broader surge in cyber threats targeting Western entities, particularly in the UK. Recent victims include retail giants Marks & Spencer, which fell to the DragonForce ransomware and took five weeks to recover, as well as Co-Op and Harrods, both hit in the past two months. Cybercriminals are increasingly drawn to Western organizations due to two key factors: financial incentives (businesses in these regions are more likely to pay ransoms to avoid operational collapse) and perceived security gaps, where weak defenses make breaches easier and more profitable.

Ransomware tactics have also grown more aggressive. Beyond encrypting data, attackers now employ double extortion, stealing sensitive information before locking systems and threatening to leak it on the dark web if demands aren’t met. In rare cases, they escalate to triple extortion, targeting victims’ customers and partners to inflict reputational damage.

As cyber threats evolve in sophistication, the long-term impact on businesses and public institutions remains a pressing concern. The BHA incident underscores the escalating risks faced by organizations across sectors, with no clear resolution in sight.

INCIDENT DETAILS
TYPE
Ransomware
MOTIVATION
Financial gain, exploitation of perceived security gaps
IMPACT
Systems Affected: Multiple servers within IT infrastructure
Operational Impact: IT staff worked remotely during containment
MAY 2025
488 Before Incident
Cyber Attack
22 May 2025, Harrods
Harrods, Marks & Spencer, Co-op and Peter Green Chilled: Ransomware attack hits food supply chain, exposes retail risks

Ransomware Attack on Peter Green Chilled Disrupts UK Food Supply Chain

425 After Incident
CRITICAL -63
THEHARMARPET1770508437
A ransomware attack on Peter Green Chilled, a key distributor of refrigerated goods to major UK supermarkets, has caused significant disruptions to food deliveries across the country. The incident adds to a growing wave of cyberattacks targeting the retail and logistics sectors, following recent breaches at Marks & Spencer, the Co-op, and Harrods. The attack has exposed vulnerabilities in the UK’s supply chain, leading to delays, potential shortages, and concerns over consumer panic buying.

Experts warn that such disruptions highlight the high stakes of cybersecurity in retail, where even brief outages can ripple through digital and physical operations. Andy Norton, European Cyber Risk Officer at Armis, emphasized that the sector’s reliance on digital supply chains, operational continuity, and customer data makes it a prime target. Data from Armis Labs shows 41% of retailers have faced increased cyber threats in the past six months, with 79% of IT decision-makers prioritizing proactive cybersecurity measures in the coming year. However, nearly half of surveyed retailers admit past breaches have left their systems inadequately secured, while 46% struggle with evolving regulatory complexities.

Security analysts, including Nir Dvorkin of Cynet Security, link the attack to Scattered Spider (UNC3944), a group known for sophisticated tactics like phishing, SIM-swapping, and help desk impersonation. The group’s methods blend social engineering with the exploitation of legitimate remote access tools, making detection difficult. Dvorkin stressed that these attacks are not opportunistic but meticulously planned to bypass defenses.

To counter such threats, experts recommend a layered defense strategy, including enforced multi-factor authentication (MFA), restricted remote access, and employee training to recognize social engineering attempts. Despite growing awareness (82% of retail employees know how to report suspicious activity), only 46% of organizations claim real-time detection and response capabilities. With high-profile groups like Anonymous, DarkSide, and APT41 posing persistent threats, the retail sector faces mounting pressure to strengthen cyber defenses. The attack on Peter Green Chilled underscores how digital threats now directly impact the physical supply of essential goods, reinforcing the need for enhanced security, training, and regulatory alignment.

INCIDENT DETAILS
TYPE
Ransomware
IMPACT
Operational Impact: Disruptions to food deliveries, delays, potential shortages, and concerns over consumer panic buying
MAY 2025
551 Before Incident
Breach
01 May 2025, Harrods
Harrods

Harrods Third-Party Data Breach (September 2025)

468 After Incident
CRITICAL -83
HAR36101736110725
Luxury department store Harrods confirmed a data breach in September 2025, where cybercriminals stole up to 430,000 customer records from a third-party IT provider. The compromised data includes basic personal identifiers (names, contact details), loyalty card information, marketing preferences, and co-branded card associations, but no payment details or account passwords were exposed. The breach follows a prior cyberattack attempt in May 2025, where Harrods successfully thwarted unauthorized access to its internal systems. This time, hackers exploited a supply-chain vulnerability, targeting a weaker external partner. Harrods refused to engage with the threat actors, suggesting a ransom demand was involved. While the company assured containment and collaboration with authorities, the incident highlights risks in third-party dependencies and the escalating threat landscape for high-profile retailers.
INCIDENT DETAILS
TYPE
data breach, third-party breach, supply chain attack
MOTIVATION
financial gain (ransom demand), data theft
IMPACT
customer names
contact details
loyalty card information
marketing preferences
co-branded card tie-ins
third-party provider system
Operational Impact: limited (isolated to third-party system)
Brand Reputation Impact: moderate (high-profile breach, but no sensitive financial data exposed)
Identity Theft Risk: low (basic identifiers only, but phishing risk elevated)
Payment Information Risk: none
DATA BREACH
personal identifiers
loyalty program data
marketing data
Number Of Records Exposed: 430,000
Sensitivity Of Data: low to moderate (no financial/password data)
names
contact details
APRIL 2025
585 Before Incident
Ransomware
01 Apr 2025, Harrods
Harrods

Ransomware Attacks on British Retail Sector

547 After Incident
CRITICAL -38
HAR408071125
Harrods, a luxury department store in London, was one of the targets of a series of ransomware attacks in April. The attacks disrupted business operations and resulted in significant financial and reputational damage. The National Crime Agency has arrested four individuals suspected of involvement in these attacks, which also affected other major British retailers. The NCA is continuing its investigation to identify and bring to justice all those responsible.
INCIDENT DETAILS
TYPE
Ransomware
MOTIVATION
Financial Gain, Disruption
JANUARY 2025
625 Before Incident
Breach
01 Jan 2025, Harrods
Harrods and Marks & Spencer: Account Recovery Becomes a Major Source of Workforce Identity Breaches

Account Recovery Workflows Exploited in Identity Breaches Targeting U.K. Retailers

574 After Incident
CRITICAL -51
HARMAR1773319278
Cybersecurity Alert: Account Recovery Workflows Become Prime Target for Identity Breaches

In 2025, a wave of cyberattacks targeting major U.K. retailers, including Marks & Spencer, Harrods, and the Co-op Group, exposed a critical vulnerability in identity security: account recovery workflows. Despite robust multi-factor authentication (MFA) and phishing-resistant controls at login, attackers bypassed protections by exploiting password resets, MFA re-enrollment, and help-desk recovery requests through social engineering.

The incidents revealed a systemic flaw: recovery processes are rarely treated as high-risk security events. Designed for speed and convenience, these workflows rely on outdated assumptions (such as trust in human judgment, static knowledge-based questions, and unsecured communication channels) that are easily manipulated by modern attackers. AI-driven impersonation, synthesized voices, and stolen credentials now allow threat actors to convincingly mimic legitimate users, making deception nearly undetectable for help-desk staff.

While MFA is widely adopted, its effectiveness collapses during recovery. Many organizations require minimal verification to reset MFA, allowing attackers to sidestep authentication entirely. The result? Breaches where MFA was technically "enabled" but functionally useless, as compromised recovery flows undermine downstream security controls.

The root issue lies in identity assurance being treated as disposable. Onboarding may involve rigorous verification, but recovery often reconstructs trust using weaker signals, such as email links or scripted questions, rather than referencing the original proofing process. This creates a paradox: the path to regaining access is easier than the path to maintaining it.

To counter this, experts argue recovery workflows must be designed for adversarial conditions. High-risk actions should trigger step-up verification, and self-service resets must preserve identity assurance rather than weaken it. Without these changes, attackers will continue to exploit recovery as the weakest link in identity security, bypassing strong authentication without ever directly attacking it.

INCIDENT DETAILS
TYPE
Identity Breach
IMPACT
Brand Reputation Impact: High
Identity Theft Risk: High
DATA BREACH
Personally Identifiable Information: Likely
JUNE 2024
671 Before Incident
Breach
16 Jun 2024, Harrods
Harrods

Harrods Third-Party Data Breach Affecting 430,000 Customer Records

603 After Incident
CRITICAL -68
HAR1492214093025
Luxury department store Harrods confirmed a cyber breach where attackers stole 430,000 customer records (names, contact details, and marketing tags like tier level or co-branded card affiliations) from a third-party provider’s system. While no payment details or account passwords were compromised, the exposed data poses risks for targeted phishing, social engineering, and identity theft, as evidenced by criminals directly contacting affected customers. Harrods refused to negotiate with the attackers, citing cybersecurity best practices, and is collaborating with the National Cyber Security Centre (NCSC) and Metropolitan Police Cyber Crime Unit for mitigation. The breach was isolated and contained, with no impact on Harrods’ internal systems, but it underscores vulnerabilities in third-party supply chain security. The incident follows an earlier 2024 attack linked to the Scattered Spider group, though unrelated to this breach. Harrods emphasized transparency by notifying affected customers and issuing public statements to maintain trust.
INCIDENT DETAILS
TYPE
data breach, third-party compromise
MOTIVATION
extortion, potential data monetization (e.g., phishing, identity theft)
IMPACT
customer names
contact details
marketing tags (e.g., tier level, co-branded card affiliation)
third-party provider's system
Operational Impact: limited (isolated to third-party provider)
Customer Complaints: potential (due to direct contact by attackers)
moderate (risk of eroded trust due to third-party breach)
mitigated by proactive communication
Identity Theft Risk: high (due to exposed PII)
Payment Information Risk: none (payment details not compromised)
DATA BREACH
personally identifiable information (PII)
marketing metadata
Number Of Records Exposed: 430,000
Sensitivity Of Data: moderate (no payment details or passwords, but PII usable for phishing/identity theft)
names
contact details (email/phone/address if provided)
MAY 2024
737 Before Incident
Breach
01 May 2024, Harrods
Harrods

Harrods Third-Party Supplier Data Breach (2024)

668 After Incident
CRITICAL -69
HAR5992359092925
UK luxury retail giant Harrods suffered a cybersecurity breach after hackers compromised a third-party supplier, exfiltrating 430,000 e-commerce customer records. The stolen data included names, contact details, and internal marketing labels (e.g., loyalty tier levels, co-branded card affiliations), but excluded passwords, payment information, or order histories. The threat actor directly contacted Harrods, likely for extortion, though the company refused engagement. While the breach did not expose highly sensitive financial data, the scale of compromised personal identifiers poses risks for phishing, social engineering, and reputational harm. Harrods proactively notified affected customers and authorities, emphasizing vigilance against follow-up attacks. This incident follows a failed May 2024 ransomware attempt by Scattered Spider (linked to DragonForce ransomware), which Harrods thwarted before system encryption.
INCIDENT DETAILS
TYPE
Data Breach, Third-Party Compromise
MOTIVATION
Data Theft, Extortion, Financial Gain
IMPACT
Names
Contact Details
Internal Marketing Tags/Labels (e.g., tier level, co-branded card affiliation)
Third-Party Supplier Systems
Operational Impact: Customer Notifications, Regulatory Coordination
Brand Reputation Impact: Potential Reputation Damage Due to Customer Data Exposure
Identity Theft Risk: Low (No Payment Info or Passwords Exposed)
Payment Information Risk: None
DATA BREACH
Personal Identifiers
Marketing Metadata
Number Of Records Exposed: 430,000
Sensitivity Of Data: Moderate (No Financial/Password Data)
Data Exfiltration: Yes
Names
Contact Details
JUNE 2023
792 Before Incident
Breach
16 Jun 2023, Harrods
Harrods Ltd.

Harrods Customer Data Breach via Third-Party Provider

727 After Incident
CRITICAL -65
HAR0952409110725
Harrods Ltd., a luxury department store in London, experienced a data breach where customer information—including names and contact details—was stolen from the systems of a third-party service provider. The breach was part of a broader wave of cyberattacks targeting U.K. businesses in 2023. Harrods confirmed that no sensitive data such as account passwords or payment information was compromised. The incident was isolated, contained, and did not involve Harrods' internal systems. Affected customers were notified, and the company is collaborating with the third-party provider to implement necessary security measures. Authorities were also informed. This follows an earlier attempted breach in May, highlighting the escalating cyber threats faced by British retailers, which have led to significant financial losses and operational disruptions across the sector.
INCIDENT DETAILS
TYPE
Data Breach, Third-Party Compromise
IMPACT
Customer names
Contact information
Third-party provider's systems
Brand Reputation Impact: Potential reputational harm due to public disclosure of breach
Identity Theft Risk: Low (no sensitive data like passwords or payment info compromised)
Payment Information Risk: None
DATA BREACH
Names
Contact information
Sensitivity Of Data: Low (no financial or authentication data exposed)

Frequently Asked Questions

What is the current A.I Rankiteo Cyber Score for Harrods?
What was Harrods's A.I Rankiteo Cyber Score in May 2026?
What was Harrods's A.I Rankiteo Cyber Score in April 2026?
What was Harrods's A.I Rankiteo Cyber Score in March 2026?
What was Harrods's A.I Rankiteo Cyber Score in February 2026?
What was Harrods's A.I Rankiteo Cyber Score in January 2026?
What was Harrods's A.I Rankiteo Cyber Score in December 2025?
What was Harrods's A.I Rankiteo Cyber Score in November 2025?
What was Harrods's A.I Rankiteo Cyber Score in October 2025?
What was Harrods's A.I Rankiteo Cyber Score in September 2025?
What was Harrods's A.I Rankiteo Cyber Score in August 2025?
What was Harrods's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on Harrods's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with Harrods?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view Harrods's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?