Security experts have dismissed fears that threat actors could step up cyber-attacks on distracted retailers this Black Friday and in the run up to Christmas, although concerns persist.
Huntsman Security analyzed data security incidents reported to the UK's Information Commissioner's Office (ICO) between Q3 2024 and Q2 2025. It found that the 1381 incidents reported by the retail and manufacturing sector had only minor seasonal peaks, with none outside a margin of error.
Some 355 incidents were reported to the regulator in the busiest time of the year for retailers (Q4), versus 323 in Q3 2024, 317 in Q2 2025 and 386 in Q2 2025. The latter period included the massive ransomware breaches at M&S and the Co-Op Group.
A similar pattern is true of ICO breach reports since 2019.
In 2024-25, 618 retail breaches were due to brute force attacks, hardware and software misconfigurations, malware, phishing and ransomware, Huntsman Security said.
Piers Wilson, head of product management at the cybersecurity specialist, argued that all of these threats can be mitigated with the right controls in place.
“Attackers are opportunistic: they’ll strike when it most suits them. We can see from the ICO’s data that a relatively small number of incident types have the greatest impact and target the most valuable information,” he added.
“To prevent these, retailers need to move towards a mindset of continuous assurance that their defenses are [not] drifting into a vulnerable state. If regular attacks are spotted sooner and prevented from becoming major breaches year-round, cybersecurity teams can instead concentrate on more major events that could strike at any time.”
Wilson told Infosecurity that retailers have to balance cyber resilience with the need to drive profits.
“At critical times they need to maximize sales, but the empty shelves in M&S and the Co-op earlier this year showed how disruptive a cyber attack can be. If that scenario occurred at a time when sales performance was critical and the year’s profit targets were on the line then the results could be catastrophic,” he said.
“Retailers do recognize the importance of cybersecurity, but as the season to be merry approaches, they would do well to double check how resilient their business is in the face of an attack.”
Black Friday Security and Fraud Fears Mount
However, not all experts were so sanguine. A report from Semperis this week revealed that over half (52%) of reported ransomware attacks during the past 12 months occurred on a weekend or holiday – raising fears of breaches this Thanksgiving weekend and over the Christmas break.
A Telegram post by the notorious Scattered Lapsus$ Hunters group seen by ReliaQuest earlier this month warned: “all the IR [incident response] people should be at work watching their logs during the upcoming holidays till January 2026 bcuz #ShinyHuntazz is coming to collect your customer databases.”
It’s also true up to a point that retailers will be laser-focused on driving sales this festive period, which can mean attention is diverted from other parts of IT.
According to Action Fraud data, £11.8m (£15.6m) was lost to online shopping fraud over last year’s festive shopping season (November 1 2024 to 31 January 2025), the UK’s NCSC claimed.
Even if stores aren’t targeted directly in Q4 with payment fraud, consumers certainly will be.
Read more on seasonal fraud trends: UK Shoppers Lost £11.5m Last Christmas, NCSC Warns
CloudSEK has observed over 2000 fake e-commerce sites gearing up to trick shoppers into handing over their money. Likely enabled by AI, many of these sites feature Amazon-themed typosquatted domains, fake trust badges, pop-ups simulating recent purchases and other features designed to reassure consumers.
Others are registered under the .shop domain and impersonate global brands such as Samsung, Jo Malone, Ray-Ban, Xiaomi and others. They will likely be advertised by phishing messages designed to lure consumers to the sites.
Experts also warned consumers to be on the lookout for fake package tracking messages.
“You might receive a message claiming to be from UPS or FedEx saying there’s an issue with your delivery, urging you to click a link,” said SecurityScorecard CISO, Steve Cobb.
“Take a few extra seconds to verify the message. Know who it’s coming from and don’t click on any links blindly.”