In recent months, the UK retail sector has been rocked by a series of cyber attacks, with major brands like Marks & Spencer (covered last month’s newsletter), Co-op, Harrods, and Adidas falling victim to sophisticated hacking attempts. These incidents highlight the increasing vulnerability of businesses to cyber threats and underscore the urgent need for robust cybersecurity measures.

The Marks & Spencer Cyber Attack: A Catalyst for Further Breaches

The cyber attack on Marks & Spencer over the Easter weekend was one of the most disruptive in recent UK retail history. Hackers infiltrated the company’s IT systems, leading to empty shelves, halted online orders, and compromised customer data. The attack is estimated to cost M&S £300 million, with disruptions expected to last until July.

Investigations revealed that the breach was facilitated through human error and a third-party vulnerability, allowing hackers to gain access to sensitive systems. The attack was reportedly carried out by Scattered Spider, a notorious hacking group specialising in ransomware and social engineering techniques.

The Co-op Cyber Attack: A Ripple Effect

Shortly after the M&S breach, Co-op experienced a similar cyber attack, leading to empty shelves and disrupted supply chains. Hackers extracted personal data from a significant number of customers and employees, forcing Co-op to take parts of its IT system offline to prevent further damage.

Unlike M&S, Co-op did not have cyber insurance, making the financial impact of the attack even more severe. The company responded by prioritising deliveries to rural areas and gradually restoring its ordering and supply chain processes. Despite these efforts, many stores continued to struggle with delayed or partial deliveries, frustrating customers and employees alike.

Harrods: A Luxury Target

Luxury department store Harrods was also targeted in a cyber attack, though the impact was less severe than that experienced by M&S and Co-op. Hackers attempted to gain unauthorised access to Harrods’ systems, prompting the company to restrict internet access at its sites as a precautionary measure.

Unlike M&S and Co-op, Harrods managed to keep its flagship store and online operations running, minimising disruption to customers. However, the attack served as a stark reminder that even high-end retailers are not immune to cyber threats.

Adidas: A Different Kind of Breach

While the attacks on M&S, Co-op, and Harrods primarily disrupted operations, Adidas faced a different type of cyber threat—a data breach. Hackers accessed customer contact information through a third-party customer service provider, raising concerns about supply chain vulnerabilities.

Although no payment details or passwords were compromised, the breach exposed Adidas customers to potential phishing and social engineering scams. The company responded by notifying affected consumers and collaborating with cybersecurity expert to contain the incident.

The Growing Threat to UK Businesses

These cyber attacks illustrate a troubling trend: UK businesses are increasingly vulnerable to sophisticated hacking attempts. Retailers, in particular, are prime targets due to their vast customer databases, complex supply chains, and reliance on digital infrastructure.

Several key lessons emerge from these incidents:

1. Supply Chain Security is Critical – Many breaches occur through third-party vulnerabilities, as seen in the M&S and Adidas attacks.

2. Cyber Insurance Matters – Businesses without cyber insurance, like Co-op, face greater financial risks.

3. Proactive Cybersecurity Measures Are Essential – Companies must invest in employee training, multi-factor authentication, and real-time threat monitoring to mitigate risks.

4. Rapid Response Can Minimise Damage – Harrods’ swift action in restricting internet access helped contain its cyber attack.

The recent wave of cyber attacks serves as a wake-up call for UK businesses. As hackers become more sophisticated, companies must prioritise cybersecurity, strengthen supply chain protections, and ensure rapid response strategies to safeguard their operations and customer data.

With cyber threats showing no signs of slowing down, businesses must remain vigilant and proactive in defending against digital intrusions.

If you’re a business operating in the North East of England, contact us today to benefit from our range of cyber security services.

In the fast-paced world of technology, software and hardware inevitably reach their end-of-life (EOL) or end-of-support (EOS) status. When this happens, manufacturers stop providing security updates, patches, and technical assistance, leaving outdated systems vulnerable to cyber threats. Despite the risks, many businesses continue using unsupported technology, often underestimating the dangers.

Understanding End-of-Life and End-of-Support

Every piece of IT equipment—whether a computer, server, or operating system—has a lifecycle. Once a product reaches EOL, it is no longer sold or developed. If it reaches EOS, it means the manufacturer has stopped providing updates, making the technology obsolete.

A recent example—featured in last month’s newsletter—is Windows 10, which will reach end of support on October 14, 2025. After this date, Microsoft will no longer release security updates or offer technical assistance for the operating system. While devices running Windows 10 will still function, they will become increasingly vulnerable to cyber threats.

The Dangers of Using Outdated IT

Failing to keep IT systems up to date can lead to severe consequences:

• Security Vulnerabilities: Without security patches, outdated software is more susceptible to cyberattacks, including ransomware and data breaches.

• Compliance Risks: Businesses in regulated industries (such as finance and healthcare) may fail to meet cybersecurity compliance requirements if they use unsupported software.

• Reduced Performance: Older hardware and software struggle to keep up with modern applications, leading to slower processing speeds and frequent system crashes.

• Lack of Technical Support: Manufacturers won’t provide assistance for outdated systems, making troubleshooting and repairs more difficult.

• Higher Costs: Fixing security breaches, system failures, and non-compliance issues can cost businesses millions—far more than a timely upgrade.

How to Stay Secure and Up to Date

To avoid these risks, businesses should take proactive steps:

1. Monitor software lifecycles: Keep track of EOL and EOS dates for operating systems, applications, and hardware.

2. Upgrade before support ends: Transition to newer versions or alternative solutions before outdated technology creates security gaps.

3. Consider cloud-based solutions: Cloud platforms offer continuous updates, reducing the risk of running obsolete software.

4. Invest in cybersecurity measures: Implement firewalls, anti-virus software, and employee training to mitigate risks.

5. Plan for regular IT audits: Conduct annual IT assessments to identify outdated systems and ensure compliance.

Outdated IT isn’t just an inconvenience, it’s a major security and operational risk. Businesses that fail to update their systems expose themselves to cyber threats, financial losses, and regulatory penalties. Staying proactive, upgrading technology on time, and investing in cybersecurity will ensure a safer, more efficient digital future.

Web browsers have become an essential tool in our digital lives. Whether searching for information, shopping online, or navigating social media, they serve as a gateway to the internet. However, what many users don’t realise is how much personal data browsers collect—and what they do with it. A recent Surfshark study sheds light on the data-gathering habits of popular mobile browsers, revealing significant privacy concerns.

The Biggest Data Collectors: Chrome Leads the Pack

Among the ten browsers analysed, Google Chrome emerged as the most data-hungry, collecting 20 different types of user data. These include: contact information, financial details, location tracking, browsing and search history, user content and identifiers, usage data and diagnostics

Notably, Chrome is the only browser that collects financial information such as payment methods and banking details. It is also the only one that stores users’ contact lists, meaning the browser has access to your address book and social connections.

Trailing behind Chrome, Microsoft Bing ranks as the second most intrusive browser, gathering 12 different types of data. Other mainstream browsers, including Safari and Edge, also collect personal information but to a lesser extent.

Privacy-Focused Browsers: A Safer Alternative

At the other end of the spectrum, browsers such as Brave and TOR prioritise user privacy by minimising or eliminating data collection. TOR stands out as the most secure choice, gathering zero user data to ensure anonymity. Brave, while not entirely data-free, restricts its collection to basic identifiers and usage data.

How Browsers Use Your Data

A significant portion of collected data is used for targeted advertising and tracking, raising concerns about user privacy. Opera, Bing, and Pi Browser collect information for third-party advertising, meaning they either display ads directly in the app or share user data with advertisers. Additionally, Edge, Bing, and Pi Browser gather data that can be used for tracking, potentially selling it to data brokers.

Another major privacy issue is location tracking. 40% of analysed browsers collect user location data, with Bing being the only browser to record precise location information.

The Dominance of Data-Hungry Browsers

Despite privacy concerns, mainstream browsers continue to dominate the market. Chrome and Safari alone account for 90% of global mobile browser usage, making them unavoidable for most users. In the UK, for example, Chrome holds 47% of the market, while Safari follows closely at 43%.

The Takeaway: Choosing the Right Browser

While convenience often leads users to popular browsers, the findings highlight the importance of considering privacy-first alternatives. If safeguarding personal data is a priority, switching to Brave or TOR can significantly reduce exposure to data collection and tracking.

Ultimately, awareness is key. Understanding how browsers gather and use data allows users to make informed choices and take control of their digital privacy.

Artificial intelligence (AI) is rapidly reshaping workplaces across the UK, bringing both excitement and apprehension among employees. A recent survey conducted by Henley Business School reveals that while many workers see AI as a valuable tool, concerns about its rapid adoption and lack of training persist.

Optimism vs. Overwhelmed

The survey, which polled 4,640 full-time workers across nearly 30 industries, found that 56% of UK professionals feel optimistic about AI’s potential. However, 61% admit to feeling overwhelmed by its rapid development. This phenomenon has been termed FOBO—Feeling Optimistic But Overwhelmed—highlighting the mixed emotions surrounding AI integration.

Industries Embracing AI

Certain sectors are leading the charge in AI adoption, particularly: publishing and journalism, information technology, recruitment and HR, and, marketing and advertising.

These industries are leveraging AI for automation, data analysis, and content creation, helping businesses streamline operations and improve efficiency.

Industries Hesitant About AI

On the other hand, some sectors remain cautious, including: retail, teaching and education, public services, and, property and construction.

Workers in these fields express concerns about AI replacing jobs, ethical implications, and the lack of clear guidelines for AI use.

The Training Gap

Despite growing enthusiasm for AI, many employees feel underprepared. Nearly 60% of workers say they would be more likely to use AI if proper training were available, yet 24% feel their employers aren’t providing enough support. Additionally, 49% report that their workplace lacks formal AI guidelines, adding to the uncertainty.

The Future of AI in the Workplace

Henley Business School’s research underscores the need for structured AI training programs and clear workplace policies to help employees navigate this technological shift. As AI continues to evolve, businesses must ensure that workers are equipped with the skills and knowledge to harness its potential effectively.

With AI expected to play an even greater role in the coming years, companies that fail to address these concerns risk falling behind. The key to successful AI integration lies in education, transparency, and proactive leadership.