TL;DR: 2025 has been brutal for UK businesses. From Marks & Spencer and Co-op to global names like Mailchimp and Hertz, attackers have gone big. AI-powered scams, social engineering, and major supply chain breaches have put millions of customer records at risk. Here’s what happened and how to protect your business from ending up in the next headline.
Why are UK businesses being hit so hard in 2025?
Cyber crime’s getting slicker. Attackers are:
- Using AI to write convincing phishing emails
- Exploiting human trust and supplier access
- Targeting retail, legal, and marketing systems with high disruption potential
At Cloud & More, we’ve always said: if cyber security isn’t high on your board agenda, it’s a blind spot waiting to be exposed.
6 major cyber attacks that shook the UK in 2025
1. Marks & Spencer: One breach. Six weeks of chaos.
🗓️ April–May 2025
🎯 Suspected group: Scattered Spider + DragonForce
📉 Impact: £300M profit warning, customer data stolen, 46 days of online outage
What started as a phishing attack on an outsourced IT contractor spiralled into a full-blown ransomware breach. The hackers:
- Tricked a third-party support user
- Gained admin access by stealing hashed passwords
- Deployed ransomware across 600+ systems
- Shut down M&S online sales for over a month
- Accessed personal customer data
Lesson: If your suppliers aren’t secure, neither are you.
2. Co-op: When tills go down, trust goes too
🗓️ May 2025
🏪 Impact: 2,300 stores, supply chain breakdowns, major disruption
Co-op was forced into manual mode when its in-store systems crashed. Customers couldn’t pay properly. Stock wasn’t arriving.
Lesson: You need a crisis plan that covers more than IT.
3. Marketing platform breach: Mailchimp, HubSpot & more
🗓️ April 2025
📨 Impact: Credential theft, fake emails, data leaks
One campaign hit multiple platforms. Hackers hijacked accounts and sent phishing emails posing as invoices and service updates.
Lesson: Vendor risk is now a business-critical issue.
4. Hertz: A global breach with local consequences
🗓️ April 2025
🔍 Status: UK impact still unclear
Hertz confirmed a data breach, but UK-specific details are missing. Customers were alerted, but left in the dark.
Lesson: Don’t make customers chase clarity. Communicate early and clearly.
5. January’s anonymous data leak: 18.8 million records exposed
🗓️ January 2025
👤 Hacker alias: “b0nd”
📦 Claim: 18.8 million customer records stolen
Still no company has come forward. Either someone’s kept it very quiet or we’re yet to see the fallout.
Lesson: Not all attacks are loud. Detection is just as important as prevention.
6. Legal Aid Agency: The public sector wasn’t spared either
🗓️ April–May 2025
🏛️ Impact: Legal aid data compromised both providers and applicants
Massive amounts of personal, financial, and legal data were exposed going back over a decade.
Lesson: If you handle sensitive data, cyber resilience isn’t optional.
How are attackers doing it?
- Phishing 2.0 – AI-written, tailored, convincing
- Ransomware – Fast-moving, especially on ESXi servers
- Social engineering – Beyond links, now using calls, SMS, and spoofing
- Supply chain infiltration – Exploiting the weakest link in your vendor chain
Groups like Scattered Spider and DragonForce are behind many of this year’s biggest attacks and they’re just getting started.
Summary table
| Incident | Date | Impact |
|---|---|---|
| Marks & Spencer | April–May | Online systems down, customer data breach |
| Co-op | May | 2,300 stores affected, stock and supply issues |
| Marketing platforms | April | Credential theft, phishing, data leaks |
| Hertz | April | Global breach, UK customer impact unclear |
| Unknown UK business | January | 18.8 million customer records stolen |
| Legal Aid Agency | April–May | Extensive breach of legal aid data |
So what now?
- Assume it could be you
- Train your people — they’re your first line of defence
- Secure your supply chain, not just your own tools
- Make sure your backups work and test them regularly
- Build a clear comms plan before you ever need one
Key takeaways
- The big names are being hit hard
- Attackers are using AI, supply chains, and human behaviour
- You can’t stop every threat, but you can be ready
- Prevention is smart. Response is essential.
FAQs
What was the biggest UK cyber attack in 2025?
Marks & Spencer’s breach stands out, with customer data stolen, stores disrupted, and online orders halted for 46 days.
Why are retailers being targeted so often?
Retailers have big customer databases, complex logistics, and time-sensitive delivery, which makes them vulnerable and high-value targets.
What can small businesses learn from these attacks?
You don’t need to be famous to be a target. Most cyber attacks use the same tools on small businesses phishing, ransomware, third-party access.
How can I make sure my business is protected?
Start with the basics: security updates, password hygiene, cyber awareness training, and secure backups. Check out our cyber security support if you need help.
How cyber resilient is your business
Take our 2-minute cyber resilience assessment to find out how prepared your business or organisation really is.
See what our clients have to say
Build strong cyber resilience with Cloud & More?
Cyber threats aren’t slowing down but with the right support, you don’t have to face them alone. Whether it’s securing your supply chain, training your team, or making sure your backups actually work, we’ll help you stay one step ahead.
Let’s make your business harder to hack and easier to trust.
