Three of the UK’s most recognizable retailers—Marks & Spencer (M&S), Co-op, and Harrods—have each confirmed being targeted by cyberattacks in recent days, disrupting operations and raising questions about whether these incidents are part of a broader campaign or just coincidence.

M&S was the first to report trouble, with issues surfacing over the Easter weekend. The attack took gift card payments and click-and-collect services offline, and by last week, M&S made the decision to pause online orders entirely. Stores stayed open, but the company has provided no technical details so far—only that their teams are “working day and night” to get systems back online.

Co-op was next. Earlier this week, the food and retail chain said it experienced unauthorized access attempts targeting internal systems. In response, Co-op took certain systems offline to protect its infrastructure. That move caused minor disruptions to back-office and call center operations, but stores and funeral services continued as normal.

One unusual detail emerged: according to the BBC, Co-op asked employees to turn on cameras during remote meetings and verify attendees, a step that suggests concerns that the intruders might still be present inside their network.

Harrods also confirmed an attack, saying hackers tried to access some internal systems. The company’s response team limited internet access at retail locations to contain the incident, leading to some in-store disruptions. However, all stores remained open, and importantly, Harrods’ online operations were not impacted.

None of the three companies have publicly stated whether ransomware or extortion was involved. No known threat actor has claimed responsibility, and it’s still unclear whether the incidents are linked or coincidental. But the timing—and the shared targeting of high-profile retailers—has understandably raised eyebrows in the cybersecurity community.

For IT and security leaders tracking risk in retail or supply chain environments, this cluster of incidents is a fresh reminder of how fast disruptions can scale—and how threat actors continue to test the seams of operational technology and business-critical systems.