On 22 April 2025, the UK’s most trusted retail brand, Marks & Spencer (M&S), was hit by a cyberattack that affected its nationwide Click & Collect and contactless payment systems. M&S is not alone in the sector. Between 2018 and 2019, attackers deployed malware on Forever 21’s point-of-sale (POS) systems to steal payment card data from customers, exposing a vulnerability in its payment infrastructure. In late 2023, Ace Hardware was hit by a cyberattack that disrupted warehouse management, invoicing, and customer service systems across its 5,600 stores globally. The attack also led to social engineering scams targeting franchise owners. Cyberattacks against big companies have only increased lately across different sectors, making it necessary for Indian retailers that are accelerating their digital transformation to strengthen their cybersecurity frameworks.
Companies hit by cyberattacks: M&S, Forever 21 and more
This is part of a much wider trend. In just the first few months of 2025, several such organisations have suffered major cyber incidents. In April 2025, Oracle was targeted by breaches across its legacy cloud environments, with attackers exposing up to 6 million records and demanding ransom. Oracle had reassured its customers that its main cloud infrastructure was safe, but the breach impacted both Oracle Cloud Classic and Oracle Health, proving that even tech companies are not immune to legacy system attacks.
In 2024, the UK’s National Cyber Security Centre dealt with 20 major incidents including ransomware attacks on the British Library and some NHS trusts. These attacks also disrupted public services and exposed the risk to critical infrastructure.
In September 2024, Transport for London (TfL) was the victim of a cyberattack that resulted in customer data including Oyster card refund and bank details being compromised, causing services to be suspended and public concern.
In February 2025, American food delivery ser…
The most common types of cyber threats retailers face in 2025 include:
- Supply chain attacks: Retailers are now being affected by supply chain attacks. Third-party visibility and security are a top priority because attackers will try to infiltrate retail systems through third-party vendors or partners.
- Data breaches: Sensitive customer or payment data is stolen from about half of retailers. Such incidents can lead to identity theft, credit card fraud and penalties from regulators.
- Phishing and social engineering attacks: Phishing, in which attackers email, message, or call an employee or customer while pretending to be from a service or bank and deceive them into revealing credentials or clicking malicious links, still tops the list of threats. We are also seeing an increase in social engineering tactics, including business email compromise (BEC), voice phishing (vishing) and AI-generated deepfakes.
- Malware and ransomware: Retailers continue to be targeted by malware and ransomware, especially point-of-sale (POS) malware that steals payment card data, or ransomware that locks down systems and demands a ransom. Ransomware attacks can halt operations until payment is made.
- Denial-of-Service (DoS) attacks: Retailers suffer from these attacks which make online services or payment systems unavailable, as well as disrupting customer transactions.
- Stolen or leaked credentials are used to gain unauthorised access to customer or employee accounts and make fraudulent purchases or steal data.
- Cybercriminals inject malware or steal data through vulnerabilities in retail websites, e-commerce platforms, or in-house internal systems.
- IoT and payment system attacks: With more retailers adopting IoT devices and contactless payment solutions, these technologies present new targets for cybercriminals looking to exploit their vulnerabilities to gain access to sensitive information.
- AI-driven attacks: As attackers turn to artificial intelligence to automate phishing, credential stuffing and deepfake scams, threats are becoming more and more difficult to detect.
Why retailers are prime targets: M&S, Forever 21
Retailers are especially attractive to cybercriminals because of their large digital infrastructure and the sensitive data they collect. In the 2024 Crime Survey issued by the British Retail Consortium, 57 percent of retailers said cyberattacks had increased, and 90 percent or more said the attacks were staying the same or getting worse every year since 2015. The most common targets are payment systems, customer databases and online services, exactly the areas that were hit in the M&S incident.
Retailers are adopting generative AI and cloud-based services to improve efficiency and customer experience, which also expands their attack surface. For instance, hackers can take control of AI-powered customer service chatbots to obtain sensitive data or disrupt transactions. Ransomware also remains a prevalent issue, with attackers often demanding payment to restore important systems or to prevent the release of stolen data.
Lessons for Indian retailers
The M&S breach and others around the world are a warning to Indian retailers. As digital adoption speeds up, so do the risks. Indian companies must clearly define and rehearse playbooks for handling a breach: contain it immediately, investigate and communicate. Use multi-factor authentication, continuous monitoring, and regular risk assessments to identify vulnerabilities before attackers do. Common attack methods such as phishing and social engineering are well known, and staff training can help reduce the risk. Oracle is a good example of how outdated systems are often weak points that need to be updated or isolated. As AI rolls out across retail companies, the industry needs to defend not only traditional information technology but also AI models and data pipelines.
Future outlook
M&S is one of a growing list of incidents affecting major companies across the globe. These events serve as a wake-up call for Indian retailers, and businesses in general, that cybersecurity is no longer a choice. The scope of digital infrastructure and AI adoption has to be matched with the strategies to defend it. In today’s connected world, there is no such thing as a safe business if you’re not investing in robust, proactive cybersecurity: protecting customers, earning and building trust, and keeping the business running.