In light of the recent cyber attack on Marks & Spencer (M&S), UK retailers have been presented with a stark reminder of the significant legal and operational risks posed by cyber attacks.

In addition to the ongoing M&S incident, the retail sector has also witnessed the Co-op being forced to shut down part of its own IT systems after a hacking attempt (30 April 2025), and Harrods experiencing system outages due to a cyber attack (1 May 2025). These incidents highlight the critical considerations across cybersecurity, consumer law and data protection that all retailers must address to protect their business operations and their customers.