As Marks & Spencer, Harrods reel from attacks, Google flags major American brands as next targets
The cyberattacks that rattled Britain’s biggest retailers are no longer just a local problem. According to Google’s top security analysts, the same hackers are now aiming their sights at American corporations — and they’re not playing small.
Over the past few weeks, iconic British retailers like Marks & Spencer, Harrods, and the Co-op Group have either gone dark or scrambled to contain data breaches. Now, that chaos is creeping across the Atlantic.
From London storefronts to U.S. server farms
John Hultquist, Google’s chief analyst with its Threat Intelligence Group, says there’s no doubt about it: “Major American retailers have already been targeted.” He didn’t name names — probably because those companies are either still investigating or trying to avoid public panic.
But the warning couldn’t come at a worse time. As digital sales soar and supply chains grow more complex, retail giants are facing a new kind of enemy: highly organized, financially driven cybercriminals who know how to break in, take what they want, and vanish without a trace.
Marks & Spencer was forced to freeze its online orders for weeks, a costly disruption during peak shopping season. Hackers targeting the Co-op Group claimed to have stolen troves of sensitive customer and employee data. Harrods also pulled back on certain online services after suspicious activity — though, so far, it says there’s no sign that customer data was taken.
One sentence, but it says a lot: the damage is already real.
A closer look at the British attacks
While each retailer may have experienced a different type of breach, the fingerprints look similar. According to BBC reports, hackers approached journalists directly to share evidence of their exploits — screenshots, stolen files, entire customer databases.
That sort of communication suggests a level of confidence — and perhaps a message: “We’re here. We can reach you. Pay up, or your reputation burns.”
Some key disruptions from recent weeks:
-
Marks & Spencer: Online orders paused for nearly two weeks
-
Co-op Group: Hackers claim access to “huge amounts” of data
-
Harrods: Restricted store internet access while conducting internal review
These attacks weren’t just digital vandalism. They were tactical, coordinated, and aimed squarely at where it hurts most — trust.
U.S. retailers are on alert — but is it enough?
Christian Beckner, Vice President of Retail Technology and Cybersecurity at the National Retail Federation, confirmed that American companies are taking this seriously. “Many companies have taken steps to harden themselves against these criminal groups’ tactics over the past two years,” he told NBC News.
Still, hardening systems and staying one step ahead are two different things. The issue, some experts suggest, is not just software weaknesses or outdated firewalls — it’s complacency.
Google, with its cloud services deeply integrated into global retail infrastructure, is in a rare position to see these attacks before the headlines. If it says American brands are being targeted, it’s a safe bet that the groundwork has already been laid.
Are hackers exploiting retail-specific weaknesses?
That’s still unclear. Google hasn’t confirmed whether the attackers are using a shared vulnerability — something common across retail platforms or industry software.
But one thing’s for sure: the retail sector is a tempting target. It handles an avalanche of personal and payment data, works across global networks, and often prioritizes speed and customer convenience over tight system controls.
Retail IT ecosystems are complex. They involve:
-
Point-of-sale (POS) systems
-
Inventory databases
-
Supplier portals
-
Customer loyalty platforms
-
Third-party marketing tools
Each layer is a potential point of entry. Patch one hole, and another might appear down the line.
What makes this wave different?
This isn’t the first time retailers have faced cyber threats. But what makes this series of attacks stand out is how bold and direct they’ve been — and how willing the hackers are to go public.
According to cybersecurity firm Sophos, the average ransomware demand in 2024 rose to nearly $2.3 million per incident — a 17% jump from the previous year. That kind of money changes motives. This is no longer just about data; it’s about leverage.
Here’s a quick look at what’s changed:
| Threat Vector | 2020-2022 Trends | 2023-2025 Trends |
|---|---|---|
| Attack Methods | Phishing, brute force | Supply chain exploits, API breaches |
| Targets | Small businesses, hospitals | Major retailers, logistics networks |
| Hacker Communication | Anonymous, silent | Public leaks, direct media contact |
| Ransom Demands | $500k – $1.5M | $2M+ with threats of PR sabotage |
As seen above, today’s attackers are loud, coordinated, and operating with corporate-level strategy.
The bottom line for shoppers
If you’ve shopped online with a major retailer in the U.S. lately, your data is likely sitting on a server protected by some very nervous IT professionals right now.
No need to panic — but do be smart:
-
Watch for strange emails or login alerts.
-
Avoid clicking on links from unknown senders.
-
Change your passwords if you’ve used the same one across multiple sites.
And yes, it might be time to double-check whether your information has appeared on any leaked data lists.
The fight is digital. But the consequences — real money, real damage — are hitting the real world.
