
What is behind the recent spate of retailer cyberattacks?

Recent attacks by cybercriminals on top-tier retail brands are "likely related and linked," according to a specialist in cybersecurity.

The attacks against Marks & Spencer, Co-op, Adidas, Victoria's Secret, The North Face, and Cartier have been reported in the last few weeks, some of which have resulted in the exposure of customer data, and in some cases have been linked to a loose collective of largely English-speaking cybercriminals known as Scattered Spider.

At least some of the hacks have been carried out using DragonForce, a platform that gives criminals the tools to carry out ransomware attacks, according to the BBC.

The companies have suggested that customers' names and email addresses were exposed, but financial information was not taken in the breaches. Cartier has said home addresses and purchase histories may have also been leaked.

Ignas Valancius, head of engineering at cybersecurity company NordPass, said that the attacks were likely "not some conspiracy against the retail sector or clothing manufacturers, but rather an issue of reused passwords and poor digital hygiene."

North Face has said it thinks hackers gained access to its systems through a technique called "credential stuffing," where they try usernames and passwords stolen from data breaches or bought on the dark web in the hope customers have re-used them.

"Apparently quite a few people do. Actually, in the USA, it's around 62%," said Valancius. "On average, Americans reuse passwords on about five accounts, with one-fifth admitting to reusing them on 10 or more accounts."

He added that this creates a "domino effect" of vulnerability, where a single compromised password can unlock an entire digital life, raising the risk of serious financial loss and identity theft.

"The best way to hinder cyber criminals and reduce harm is for businesses and customers to change passwords and stop reusing them," according to Valancius. "In addition, it’s best to start using passkeys where possible [as] they are way more secure than passwords."

The impact on companies of this type of attack can be massive. M&S was forced to take down its website in the wake of the attack, cutting off an important sales channel, and while it has now come back up online, sales remain paused, and the company has said it expects to take a £300m ($407m) profit hit from the cyberattack this year.



© SecuringIndustry.com

