NEWSLETTER
Issue #5
NOVEMBER, 2025
In recent years, the global business landscape has been shaken by an unprecedented surge in cyberattacks and data breaches. From retail and luxury fashion to technology and sportswear, these incidents have exposed critical vulnerabilities in corporate infrastructure, compromised sensitive customer data, and inflicted significant financial and reputational damage.
One of the most consequential breaches occurred in April 2025, when British retailer Marks & Spencer was targeted by the cybercriminal group known as Scattered Spider. The attackers infiltrated M&S’s systems by exploiting stolen Active Directory password hashes and deployed ransomware across VMware ESXi hosts, severely disrupting the company’s online operations. The financial impact was substantial, with M&S reporting a £300 million reduction in operating profit and a 40 percent decline in online fashion and home sales. The company’s market value fell by £1 billion, and customer data—including names, email addresses, and birthdates—was compromised. In response, M&S accelerated its digital transformation initiatives and filed a £100 million insurance claim to mitigate the damage.
In the luxury sector, the French conglomerate Kering, which owns brands such as Gucci, Balenciaga, and Yves Saint Laurent, confirmed in September 2025 that it had suffered a significant data breach earlier in the year. The attack, attributed to the hacker group Shiny Hunters, reportedly compromised data linked to 7.4 million customers. The stolen information included names, email addresses, phone numbers, postal addresses, and purchase histories. Although no financial data—such as credit card or bank account details—was exposed, the breach underscored the vulnerability of high-end brands to cyber threats.