Fraud Fears But No Breach Spike Expected This Festive Season

Security experts have dismissed fears that threat actors could step up cyber-attacks on distracted retailers this Black Friday and in the run up to Christmas, although concerns persist.

Huntsman Security analyzed data security incidents reported to the UK’s Information Commissioner’s Office (ICO) between Q3 2024 and Q2 2025. It found that the 1381 incidents reported by the retail and manufacturing sector showed only minor seasonal peaks, none of them outside the margin of error.

Some 355 incidents were reported to the regulator in Q4 2024, the busiest time of the year for retailers, versus 323 in Q3 2024, 317 in Q1 2025 and 386 in Q2 2025. The latter period included the massive ransomware breaches at M&S and the Co-op Group.

A similar pattern is true of ICO breach reports since 2019.

In 2024-25, 618 retail breaches were due to brute force attacks, hardware and software misconfigurations, malware, phishing and ransomware, Huntsman Security said.

Piers Wilson, head of product management at the cybersecurity specialist, argued that all of these threats can be mitigated with the right controls in place.

“Attackers are opportunistic: they’ll strike when it most suits them. We can see from the ICO’s data that a relatively small number of incident types have the greatest impact and target the most valuable information,” he added.

“To prevent these, retailers need to move towards a mindset of continuous assurance that their defenses are [not] drifting into a vulnerable state. If regular attacks are spotted sooner and prevented from becoming major breaches year-round, cybersecurity teams can instead concentrate on more major events that could strike at any time.”

Wilson told Infosecurity that retailers have to balance cyber resilience with the need to drive profits.

“At critical times they need to maximize sales, but the empty shelves in M&S and the Co-op earlier this year showed how disruptive a cyber attack can be. If that scenario occurred at a time when sales performance was critical and the year’s profit targets were on the line then the results could be catastrophic,” he said.

“Retailers do recognize the importance of cybersecurity, but as the season to be merry approaches, they would do well to double check how resilient their business is in the face of an attack.”

Black Friday Security and Fraud Fears Mount

However, not all experts were so sanguine. A report from Semperis this week revealed that over half (52%) of reported ransomware attacks during the past 12 months occurred on a weekend or holiday – raising fears of breaches this Thanksgiving weekend and over the Christmas break.

A Telegram post by the notorious Scattered Lapsus$ Hunters group, seen by ReliaQuest earlier this month, warned: “all the IR [incident response] people should be at work watching their logs during the upcoming holidays till January 2026 bcuz #ShinyHuntazz is coming to collect your customer databases.”

It is also true, up to a point, that retailers will be laser-focused on driving sales this festive period, which can mean attention is diverted from other parts of IT.

According to Action Fraud data cited by the UK’s NCSC, £11.8m ($15.6m) was lost to online shopping fraud over last year’s festive shopping season (November 1, 2024 to January 31, 2025).

Even if stores aren’t targeted directly in Q4 with payment fraud, consumers certainly will be.

Read more on seasonal fraud trends: UK Shoppers Lost £11.5m Last Christmas, NCSC Warns

CloudSEK has observed over 2000 fake e-commerce sites gearing up to trick shoppers into handing over their money. Likely enabled by AI, many of these sites feature Amazon-themed typosquatted domains, fake trust badges, pop-ups simulating recent purchases and other features designed to reassure consumers.

Others are registered under the .shop domain and impersonate global brands such as Samsung, Jo Malone, Ray-Ban and Xiaomi. They will likely be advertised by phishing messages designed to lure consumers to the sites.
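The lookalike-domain pattern described above (a brand name with a character swapped or a decoy word bolted on, often under .shop) is something a brand-protection or SOC team can screen for in newly registered domain feeds. The following is an added example written for this page, not code from CloudSEK or from the original article; the brand list, decoy tokens, suspect-TLD list and the sample domains are constructed assumptions, and the domain splitting deliberately ignores public-suffix rules (co.uk and the like), which a real deployment would handle with a public suffix list.

```python
"""Heuristic typosquat / brand-impersonation screen for retail domains.

Added example, not code from the original article or from CloudSEK.
Brand list, decoy tokens and sample domains are constructed for illustration.
"""
from __future__ import annotations

# Assumption: a defender maintains this list for the brands they protect.
BRANDS = ("amazon", "samsung", "jomalone", "rayban", "xiaomi")

# Words commonly glued onto a brand name in fake-store domains (assumed list).
DECOY_TOKENS = ("shop", "store", "outlet", "deals", "sale", "official", "uk", "us")

# TLDs the article singles out as frequently used by the fake stores.
SUSPECT_TLDS = ("shop",)


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def split_domain(domain: str) -> tuple[str, str]:
    """Return (registrable label, tld). Naive: last label is the TLD.
    Assumption: no public-suffix handling, so 'brand.co.uk' would be mis-split."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify(domain: str, legit: set[str]) -> dict:
    """Score one domain against BRANDS. Empty 'reasons' means not flagged."""
    if domain.lower() in legit:
        return {"domain": domain, "flagged": False, "reasons": []}
    name, tld = split_domain(domain)
    flat = name.replace("-", "").replace("_", "")
    # Strip decoy words so 'amazon-deals' compares as 'amazon' in the distance check.
    core = flat
    for tok in DECOY_TOKENS:
        core = core.replace(tok, "")
    reasons: list[str] = []
    for brand in BRANDS:
        if brand in flat:
            reasons.append(f"contains brand '{brand}'")
            break
        dist = damerau_levenshtein(core, brand)
        # One or two edits on a label of 5+ chars is the classic typosquat shape.
        if 0 < dist <= 2 and len(brand) >= 5:
            reasons.append(f"edit distance {dist} from '{brand}'")
            break
    if reasons and tld in SUSPECT_TLDS:
        reasons.append(f"suspect tld '.{tld}'")
    return {"domain": domain, "flagged": bool(reasons), "reasons": reasons}


def scan(domains: list[str], legit: set[str]) -> list[dict]:
    """Run classify() over a feed and return only the flagged entries."""
    return [r for d in domains if (r := classify(d, legit))["flagged"]]


if __name__ == "__main__":
    # Constructed sample feed; none of these are real observed domains.
    feed = ["amaz0n.shop", "samsung-store.shop", "amazom.com", "example.com", "amazon.com"]
    for hit in scan(feed, {"amazon.com", "samsung.com", "xiaomi.com"}):
        print(hit["domain"], "->", "; ".join(hit["reasons"]))
```

The edit-distance branch catches character swaps and digit-for-letter substitutions, the substring branch catches brand-plus-decoy names, and the TLD check adds weight rather than deciding on its own, since plenty of legitimate stores also use .shop. Treat hits as candidates for analyst review, not as an automatic blocklist.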

Experts also warned consumers to be on the lookout for fake package tracking messages.

“You might receive a message claiming to be from UPS or FedEx saying there’s an issue with your delivery, urging you to click a link,” said SecurityScorecard CISO Steve Cobb.

“Take a few extra seconds to verify the message. Know who it’s coming from and don’t click on any links blindly.”

AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.
