High-end retailer Harrods in the UK suffered a cyber attack
Hey there! The venerable English shopping mecca, Harrods, has caught wind of hackers trying to barge into its digital fortress. This incident marks another entry in the ongoing roster of ransomware attacks plaguing major UK retailers. Ransomware attacks typically involve cybercrews blocking off a business's data, then demanding ransom to release it. Let's hop across the pond and see what's going down in London.
(SOUNDBITE OF ARCHIVED RECORDING)
UNIDENTIFIED PERSON: The most fascinating and attractive store in the heart of Britain and one of the most celebrated in the world.
Since its humble beginning in 1834, the store's motto has stood tall— "all things for all people everywhere."
(SOUNDBITE OF ARCHIVED RECORDING)
UNIDENTIFIED PERSON: A bustling store in a bustling city.
But things weren't so lively this week when sales took a hit after hackers wormed their way into the store's systems. As a precaution, the luxury retailer had to restrict internet access at its sites. The culprit behind this sneaky attempt is still a mystery, but it comes hot on the heels of two other significant British retailers, Marks & Spencer and Co-op, also falling prey to cyber attacks.
Switching gears, I've just ducked into a busy Marks & Spencer in central London to grab a drink. The shelves seem 20% less brimming than they should be.
For Marks & Spencer, a beloved food and clothing chain, the aftermath has been severe. The hack, suspected to be the work of the cybercriminal group known as Scattered Spider, crashed M&S's online store and portions of its supply chain. The end result—millions in losses and some shelves looking rather sparse. Cybersecurity experts say these attacks signal just how unprepared numerous major retailers still are when it comes to protecting their digital empire.
ROB PRITCHARD: People will see it as a wake-up call, but it shouldn't have been a wake-up call.
Rob Pritchard is an analyst who helms the cybersecurity expert website. He asserts that the industry has long prioritized convenience and cost over genuine fortitude.
PRITCHARD: It's like buying a clunker of a car with no safety features and then, I don't know, strapping in with cheap seat belts.
While Harrods assures that no customer data has been toasted, this incident is part of a rising global trend, with ransomware attacks spiking everywhere, including the USA, where cybercriminals have targeted government agencies, hospitals, and even schools. Stay tuned for more updates on this dynamic situation from London.
(SOUNDBITE OF MUSIC) Transcript provided by NPR, Copyright NPR.
In the midst of these recent ransomware attacks on UK retailers, the culprit behind the incidents has been identified: the DragonForce ransomware group. Mandiant researchers have traced back these disruptive digital assaults to tactics similar to those employed by UNC3944 (also known as Scattered Spider), a threat actor group known for their financial motives and sophisticated social engineering strategies. UNC3944 has been associated with the DragonForce ransomware activity and has connections to the RansomHub ransomware-as-a-service platform, which DragonForce operators recently took over following RansomHub's cessation of operations earlier in 2025. UK authorities, including the National Cyber Security Centre (NCSC), have joined forces with the affected retailers to explore and mitigate these digital attacks. Although NCSC has yet to confirm whether these attacks are part of a single campaign or connected to the same actor, the DragonForce group's affirmations and Mandiant's investigation implicate their central role in the incidents.
In light of the cyber attacks on major UK retailers such as Harrods and Marks & Spencer, further investigations have identified the DragonForce ransomware group as the culprit. This group, previously linked to UNC3944 (also known as Scattered Spider), is financially motivated and uses sophisticated social engineering strategies. As the government responds with the National Cyber Security Centre (NCSC) aiding affected retailers, there is growing concern about the rising trend of ransomware attacks in the finance sector, not just in the UK but globally, including the USA, where such attacks have targeted not only businesses but also government agencies, hospitals, and schools.


