Disaster recovery planning: lessons from the biggest cyber security breaches of 2025

2025 has been a brutal year for UK organisations of every size. From household names like Marks & Spencer and Co-op to global platforms such as Mailchimp and Hertz, cyber attackers have pushed harder, moved faster and caused unprecedented disruption.

AI-powered scams, supply chain breaches and social engineering have all surged, putting millions of customers at risk and exposing just how fragile many businesses’ cyber resilience really is.

Here at Ingenio Technologies, we work closely with businesses across the South East, and one thing is clear: cyber security can no longer sit quietly in the background. It needs to be a board-level priority.

Below is a clear breakdown of what happened in these headline-making attacks and what business owners can learn from them.

Why UK businesses have been hit so hard this year

Cyber criminals have evolved. They are:

  • Using AI to create highly convincing phishing emails
  • Targeting staff, suppliers and outsourced contractors
  • Going after industries where disruption is expensive: retail, legal, financial services and marketing
  • Striking at the worst possible moments such as month-end, launches or peak season

The result? Even well-known brands with strong reputations faced major operational shutdowns and long-term damage.

6 major UK cyber attacks that defined 2025

1. Marks & Spencer – major supply chain compromise

Date: April–May 2025
Type of attack: Social engineering + supply chain breach
Impact: Weeks of disruption including 46 days of online downtime, customer data exposure, internal operational delays and an estimated £300m profit loss

The M&S breach became one of the defining cyber incidents of the year. Attackers reportedly used a mix of social engineering tactics and compromised third-party access to infiltrate internal systems.
The breach disrupted core business platforms for over six weeks, highlighting how quickly operations can grind to a halt when supplier access is exploited.

Key takeaway: Even the most established UK brands are vulnerable if supplier access isn’t tightly controlled. Zero-trust policies and robust access management have become essential rather than optional.


2. Co-op – ransomware and data theft

Date: May 2025
Type of attack: Ransomware + customer data leak
Impact: Payment system outages, data exposure, significant financial and reputational damage and an estimated £206m profit loss

The Co-op attack was a stark reminder of how ransomware continues to evolve.
Hackers targeted back-end payment systems, causing store disruptions across the UK. Sensitive customer and supplier information was also stolen, adding long-term risk beyond the initial outage.

Key takeaway: Backup strategies must now include immutable backups, continuous monitoring and simulated recovery tests. Many businesses think they’re ready for an attack — until they try to restore their systems.


3. Mailchimp (UK operations) – credential theft exposes millions of marketing records

Date: Early 2025
Type of attack: Credential harvesting
Impact: Exposure of customer data used in targeted phishing

A compromised employee account allowed attackers to access a huge volume of marketing and CRM data.
Because Mailchimp is widely used by UK businesses — including SMEs across Sussex — the ripple effects were enormous, with the stolen data used in highly targeted phishing campaigns.

Key takeaway: Multi-factor authentication alone isn’t enough. Businesses need behavioural monitoring that detects suspicious account activity immediately.


4. Hertz UK – global breach hits UK branches

Date: June 2025
Type of attack: Global system intrusion affecting UK customer database
Impact: Personal data exposure, operational disruption, customer communication challenges

Hertz suffered a global breach that directly affected its UK systems, exposing sensitive customer information. The incident demonstrated how interconnected global infrastructures can create vulnerabilities closer to home.

Key takeaway: UK businesses relying on global platforms must ensure data segmentation, encryption and regional fail-safes are in place.


5. JD Sports – repeat targeting of retail sector

Date: March 2025
Type of attack: Web application exploitation
Impact: Customer account compromise and fraud attempts

Retail remained one of the UK’s most heavily targeted sectors. JD Sports was hit by attackers who exploited weaknesses in online account systems, enabling access to customer details and accelerating fraud attempts.

Key takeaway: High-traffic retail systems need continuous penetration testing — not annual audits. Attackers test these systems daily, so businesses must match that pace.


6. Jaguar Land Rover – supplier cyber attack disrupts production

Date: February 2025
Type of attack: Supply chain compromise (third-party logistics provider)
Impact: Factory shutdowns, halted production, delayed shipments, operational losses of £485m

Jaguar Land Rover suffered significant disruption after a cyber attack hit one of its key logistics partners responsible for shipping parts to UK plants.
The breach forced the organisation to pause production across multiple UK facilities, creating bottlenecks throughout the supply chain and resulting in costly downtime.

Although JLR’s internal systems were not directly breached, the impact was severe — demonstrating how a single compromised supplier can affect every stage of manufacturing.

Why it matters:
Manufacturers across Sussex and the South East increasingly rely on interconnected supply chains. When just one link is compromised, operations can stop overnight.

Key takeaway: Resilience now depends on end-to-end supplier security, not just internal controls. Regular audits, zero-trust access, and contractual cyber requirements for partners are essential.

How attackers are breaking through in 2025

Cyber crime methods have evolved dramatically:

  • AI-written phishing (Phishing 2.0) – personalised, convincing and fast
  • Ransomware targeting virtual environments – especially dangerous for organisations using VMware ESXi
  • Social engineering via calls, SMS and spoofing
  • Supply chain infiltration – exploiting the weakest link in your vendor ecosystem

Groups like Scattered Spider and DragonForce are behind multiple major attacks this year, and they’re becoming more aggressive.

What should businesses do now?

Here at Ingenio Technologies, we believe cyber resilience needs to be practical, proactive and people-focused.

Here’s where to start:

  • Assume your business could be targeted: You don’t need to be a high-profile business to be a target. Most cyber attacks use the same tools on small businesses: phishing, ransomware, third-party access.
  • Invest in cyber awareness training – your people are the first line of defence
  • Strengthen your supply chain security, not just your internal systems
  • Test your backups regularly so you can recover quickly
  • Create a clear communication plan for incidents before they happen

Key takeaways

  • Even major UK brands have struggled this year
  • Attackers are using AI, supply chains and social engineering to bypass traditional defences
  • You can’t control every threat, but you can control how well you prepare
  • Prevention is smart, but effective incident response is essential

Speak with an expert today - let's make sure your business isn't the next headline

If you’d like support strengthening your cyber resilience, our team are here to help. We work with businesses across Sussex, Surrey and Kent to build secure, scalable and dependable IT environments that evolve with your organisation.