Surge in Cyberattacks Disrupts Major Retailers and Affects Shoppers

NEW YORK (AP) — A wave of recent cyberattacks and data breaches impacting major retailers is starting to affect consumers directly. Notably, United Natural Foods, a wholesale distributor supplying Whole Foods and other grocery chains, announced this week that a breach in its systems is disrupting order fulfillment, resulting in stock shortages across various stores.

In the U.K., customers faced significant challenges ordering from Marks & Spencer’s website for over six weeks, while in-store selections diminished after hackers targeted the prominent clothing, home goods, and food retailer. Similarly, a cyberattack on Co-op, a British grocery chain, has also contributed to empty shelves in several locations.

The Rising Threat of Cyberattacks

Cyberattacks across various industries are escalating, despite ongoing efforts to strengthen cybersecurity measures. According to Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, there has been an “uptick in retail victims” over the past year.

“Cyber criminals are moving a little quicker than we are in terms of securing our systems,” Steinhauer stated. Ransomware attacks—where hackers demand hefty payments to restore access—are becoming increasingly common. Tracking by NCC Group reveals that industrial businesses were the most frequently targeted by ransomware attacks in April, followed closely by companies in the consumer discretionary sector.

Experts emphasize that targeting well-known brands creates specific chaos and pressure, especially when ransom demands are involved.

Implications for Consumers

Beyond the immediate business disruptions, cyber breaches pose a serious risk to customer data. Depending on the breach’s scope, compromised information may include names, email addresses, or even sensitive data like credit card numbers.

“Consumers need to remain vigilant,” advises Ade Clewlow, associate director and senior adviser at NCC Group. “If they’ve provided personal information to these retailers, they should be alert not only immediately but moving forward.”

Fraudulent activities could stem from compromised data, as fraudsters often send deceptive emails that mimic legitimate retailers, urging customers to change passwords or take advantage of faux promotions. Experts recommend verifying emails by visiting the retailer’s official website or calling their customer service.

Recent Security Incidents in Retail

A range of companies have recently reported cybersecurity incidents that significantly impacted operations. United Natural Foods, noted for its extensive distribution for Whole Foods and other retailers in North America, halted some systems after detecting “unauthorized activity” on June 5. The company has since acknowledged order fulfillment issues and is gradually restoring services.

In a related incident, Victoria’s Secret encountered a security breach last month, forcing it to disable its U.S. shopping site for nearly four days and cease some in-store services. The lingerie brand later revealed the breach also affected corporate systems, delaying its earnings report.

Other retailers such as Marks & Spencer, Harrods, and Co-op have acknowledged the impacts of recent cyberattacks. M&S reported that its online order processing was halted due to an Easter weekend attack, leading to noticeable empty shelves. The company anticipates a cost of approximately £300 million ($400 million) from the incident.

Risks Beyond Breaches

Recent breaches have also exposed customer data at brands like Adidas, The North Face, and Cartier. The North Face noted a “small-scale credential stuffing attack” in April, affecting around 1,500 consumers, while Adidas revealed some contact information was compromised through a third-party provider.

It’s uncertain whether these incidents are interconnected; however, experts suggest hackers often target shared software used by various companies, indicating different groups may be involved.

Companies strategically navigate communications around cyberattacks based on their knowledge at the time; not always disclosing specific involvement of ransomware. Still, Steinhauer believes the likelihood of ransomware incidents remains high in today’s cybersecurity landscape.

Strengthening Cyber Hygiene

In conclusion, it’s crucial for organizations to enhance their “cyber hygiene” preparations. “Cyber is a business risk, and it needs to be treated that way,” Clewlow emphasizes, highlighting the importance of robust cybersecurity in protecting consumers and ensuring operational resilience.