SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Retail cyber-attacks surge as weak defences lure criminals

Yesterday

The retail sector is facing an escalating wave of cyber-attacks, with household names such as The North Face and Cartier joining the growing list of companies victimised by data breaches in recent weeks. Industry experts warn that these attacks are not isolated incidents, but part of a wider trend, driven by both opportunistic threat actors and deep-seated vulnerabilities within the sector.

Anthony Lloyd, Principal Cyber Technologist at tmc3, a Qodea company, describes the current situation as a "'blood in the water' effect".

"We're seeing a 'blood in the water' effect in the retail sector: one major breach using a particular method has enticed more attackers to follow suit. Often, they are launching copycat attacks against other organisations within the same sector, assuming they have similar vulnerabilities. It's less about a sudden surge in sophistication, more about attackers focusing on a sector they perceive as having both soft defences and high-value customer data.

"While large, interconnected systems are a factor, the vulnerability often comes down to people and priorities. Large retailers have a huge and often transient workforce, including temporary or agency staff on the shop floor, who are harder to make cyber-aware than corporate workers. There is also the issue of constant tension between security and customer experience; to keep online shopping slick and easy, retailers ignore multi-factor authorisation (MFA) as it means an extra hassle for customers logging in. Attackers know this, and they go for it," he says.

"Retailers need to address both internal and customer-facing threats to prevent attacks. We've seen The North Face hit by credential stuffing – which exploits customers reusing passwords from other breached sites – so strong passwords aren't enough. What they need is MFA, regular checks for customer passwords against known compromised lists, and tools to detect and block high-volume login attempts typical in these attacks.

"Security culture starts from the top down. Training isn't a once-a-year, check-box exercise – there's a group of big retailers who now know this. It needs to be continuous, bite-sized and engaging to create a real behavioural change. For staff, the onus is on the organisation to make security easy by providing tools like password managers and modern, seamless authentication methods like PassKeys.

"Delays in data breach discovery are a sign of cyber immaturity – and not a good look for retailers in front of their shareholders and customers. Attacks like credential stuffing are very noisy from a cyber point of view so a delay can indicate inadequate detection capabilities, poor internal escalation processes, or more cynically, putting reputation before disclosure."

Jon Lucas, Co-Founder and Director at Hyve Managed Hosting, echoes these concerns.

"The retail sector has become an increasingly attractive target for cybercriminals due to the vast amounts of customer data and financial information it handles. The rapid growth of online retail has accelerated digital dependency, with retailers relying heavily on e-commerce platforms, CRM tools, POS systems and complex supply chains.

"This is resulting in larger attack surfaces than ever before, especially when you consider the additional vulnerabilities that remote and hybrid working models and third-party providers present. Meanwhile, threat hackers have become more sophisticated, using AI to automate phishing, scan for weaknesses and develop tailored malware. The rise of cybercrime-as-a-service has also lowered the technical barrier to entry, making it easier for less skilled hackers to launch impactful attacks," he says.

Lucas says that, to counter these evolving threats, retailers must adopt a robust, multi-layered security strategy.

"A Zero Trust model should reinforce their defences, treating all access as untrusted until verified. Strong access controls, including consistent use of multi-factor authentication and identity-aware policies, are vital. Real-time threat detection and response systems like EDR and XDR platforms are essential for identifying and mitigating threats as they emerge, with automation playing a key role in reducing response times," he says.

"Regular penetration testing, realistic incident response exercises and thorough vendor risk assessments are also essential. Offsite and cloud-based backups ensure rapid recovery in the event of ransomware or system failure, while a diversified infrastructure that spans hybrid or multi-cloud environments helps avoid single points of failure and enhances overall resilience."

Looking ahead, Lucas says retailers must recognise that cybersecurity is not solely a technical challenge but a business-wide imperative.

"Recovering from an incident requires more than just patching vulnerabilities; it demands transparent communication, visible accountability and a sustained commitment to organisational resilience. Building a culture of cyber awareness across all levels of the business is key to retailers staying ahead of increasingly agile and well-equipped bad threat hackers in order to protect both their customers and reputations in an increasingly hostile digital landscape."
