With retail cyberattacks on the rise, customers find orders blocked and
shelves empty
[June 12, 2025] By
WYATTE GRANTHAM-PHILIPS
NEW YORK (AP) — A string of recent cyberattacks and data breaches
involving the systems of major retailers have started affecting
shoppers.
United Natural Foods, a wholesale distributor that supplies Whole Foods
and other grocers, said this week that a breach of its systems was
disrupting its ability to fulfill orders — leaving many stores without
certain items.
In the U.K., consumers could not order from the website of Marks &
Spencer for more than six weeks — and found fewer in-store options after
hackers targeted the British clothing, home goods and food retailer. A
cyberattack on Co-op, a U.K. grocery chain, also led to empty shelves in
some stores.
Cyberattacks have been on the rise across industries. But infiltrations
of corporate technology carry their own set of implications when the
target is a consumer-facing business.
Beyond potentially halting sales of physical goods, breaches can expose
customers' personal data to future phishing or fraud attempts.
Here's what you need to know.
Cyberattacks are on the rise overall
Despite ongoing efforts from organizations to boost their cybersecurity
defenses, experts note that cyberattacks continue to increase across the
board.
In the past year, there’s also been an “uptick in the retail victims" of
such attacks, said Cliff Steinhauer, director of information security
and engagement at the National Cybersecurity Alliance, a U.S. nonprofit.
“Cyber criminals are moving a little quicker than we are in terms of
securing our systems," he said.
Ransomware attacks — in which hackers demand a hefty payment to restore
hacked systems — account for a growing share of cyber crimes, experts
note. And of course, retail isn't the only affected sector. Tracking by
NCC Group, a global cybersecurity and software escrow firm, showed that
industrial businesses were most often targeted for ransomware attacks in
April, followed by companies in the “consumer discretionary” sector.
Attackers know there’s a particular impact when going after well-known
brands and products that shoppers buy or need every day, experts note.
“Creating that chaos and that panic with consumers puts pressure on the
retailer,” Steinhauer said, especially if there’s a ransom demand
involved.
Ade Clewlow, an associate director and senior adviser at the NCC Group,
points specifically to food supply chain disruptions. Following the
cyberattacks targeting M&S and Co-op, for example, supermarkets in
remote areas of the U.K., where inventory already was strained, saw
product shortages.
“People were literally going without the basics,” Clewlow said.
Personal data is also at risk
Along with impacting business operations, cyber breaches may compromise
customer data. The information can range from names and email addresses,
to more sensitive data like credit card numbers, depending on the scope
of the breach. Consumers therefore need to stay alert, according to
experts.
“If (consumers have) given their personal information to these
retailers, then they just have to be on their guard. Not just
immediately, but really going forward," Clewlow said, noting that
recipients of the data may try to commit fraud “downstream.”
Fraudsters might send look-alike emails asking a retailer's account
holders to change their passwords or promising fake promotions to get
customers to click on a sketchy link. A good rule of thumb is to pause
before opening anything and to visit the company's recognized website or
call an official customer service hotline to verify the email, experts
say.
It's also best not to reuse the same passwords across multiple websites
— because if one platform is breached, that login information could be
used to get into other accounts, through a tactic known as “credential
stuffing.” Steinhauer adds that using multifactor authentication, when
available, and freezing your credit are also useful for added lines of
defense.
[to top of second column] |
Some shelves at a Whole Foods in New York City sit emptier on June
10, 2025. (AP Photo/Wyatte Grantham-Philips)
 Which companies have reported
recent cybersecurity incidents?
A range of consumer-facing companies have reported cybersecurity
incidents recently — including breaches that have caused some
businesses to halt operations.
United Natural Foods, a major distributor for Whole Foods and other
grocers across North America, took some of its systems offline after
discovering “unauthorized activity” on June 5.
In a securities filing, the company said the incident had impacted
its “ability to fulfill and distribute customer orders." United
Natural Foods said in a Wednesday update that it was “working
steadily” to gradually restore the services.
Still, that's meant leaner supplies of certain items this week. A
Whole Foods spokesperson told The Associated Press via email that it
was working to restock shelves as soon as possible. The Amazon-owned
grocer’s partnership with United Natural Foods currently runs
through May 2032.
Meanwhile, a security breach detected by Victoria's Secret last
month led the popular lingerie seller to shut down its U.S. shopping
site for nearly four days, as well as to halt some in-store
services. Victoria's Secret later disclosed that its corporate
systems also were affected, too, causing the company to delay the
release of its first quarter earnings.
Several British retailers — M&S, Harrods and Co-op — have all
pointed to impacts of recent cyberattacks. The attack targeting M&S,
which was first reported around Easter weekend, stopped it from
processing online orders and also emptied some store shelves.
The company estimated last month that the it would incur costs of
300 million pounds ($400 million) from the attack. But progress
towards recovery was shared Tuesday, when M&S announced that some of
its online order operations were back — with more set to be added in
the coming weeks.
Other breaches exposed customer data, with brands like Adidas, The
North Face and reportedly Cartier all disclosing that some contact
information was compromised recently.
In a statement, The North Face said it discovered a “small-scale
credential stuffing attack” on its website in April. The company
reported that no credit card data was compromised and said the
incident, which impacted 1,500 consumers, was “quickly contained.”
Meanwhile, Adidas disclosed last month that an “unauthorized
external party” obtained some data, which was mostly contact
information, through a third-party customer service provider.
Whether or not the incidents are connected is unknown. Experts like
Steinhauer note that hackers sometimes target a piece of software
used by many different companies and organizations. But the range of
tactics used could indicate the involvement of different groups.
Companies' language around cyberattacks and security breaches also
varies — and may depend on what they know when. But many don't
immediately or publicly specify whether ransomware was involved.
Still, Steinhauer says the likelihood of ransomware attacks is
“pretty high” in today's cybersecurity landscape — and key
indicators can include businesses taking their systems offline or
delaying financial reporting.
Overall, experts say it's important to build up “cyber hygiene"
defenses and preparations across organizations.
“Cyber is a business risk, and it needs to be treated that way,"
Clewlow said.
All contents © copyright 2025 Associated Press. All rights reserved |
