Retail stores are getting hit hard by cyberattacks

Politico

16-06-2025

With help from Maggie Miller and John Sakellariadis
Driving the day
— Cyberattacks against retailers around the world are on the rise, leaving some store shelves empty and customer data at risk.
HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! To beat the gloomy weather this weekend, the Nickel household binged the 'Hunger Games' movies. I'm already excited for the next movie.
Follow POLITICO's cybersecurity team on X at @RosiePerper, @johnnysaks130, @delizanickel and @magmill95, or reach out via email or text for tips. You can also follow @POLITICOPro on X.
Editor's Note: Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You'll also receive daily policy news and other intelligence you need to act on the day's biggest stories.
Today's Agenda
The Senate Intelligence Committee holds a closed briefing on 'intelligence matters.' 4 p.m.
Happening This Week
On Tuesday — The Senate Judiciary Committee holds a hearing on 'Protecting Older Americans from Transnational Crime Networks.' 10:15 a.m.
The Senate Appropriations Committee's Defense Subcommittee holds a closed hearing on proposed budget estimates for the intelligence community for fiscal year 2026. 10:30 a.m.
On Wednesday — The Senate Intelligence Committee holds a closed hearing on 'intelligence matters.' 2:30 p.m.
Industry Intel
OUT OF STOCK — A recent spike of cyberattacks against major retailers in the U.S. and abroad is stoking fears that these breaches could seriously disrupt services and lead to less access to necessities like food or clothing.
Last week, United Natural Foods Inc., one of the country's top food distributors and one of Whole Foods' largest partners, experienced a major cyberattack. In a filing with the SEC, the company stated that the attack affected its 'ability to fulfill and distribute customer orders,' leaving some store shelves temporarily barren.
This attack on UNFI is just the latest in a string of attacks against the retail sector. Last week, Victoria's Secret announced that it had restored all of its systems after a cyberattack in May forced the company to pause online orders and temporarily take its website down. The North Face announced a breach earlier this month that had compromised thousands of customer accounts.
In the U.K., retailer Marks & Spencer was hit with a cyberattack in May that hindered online shopping, and a cyberattack on grocery store chain Co-op led to empty shelves in some locations.
— Operating with 'impunity': Retailers are prime targets for hackers due to the trove of valuable personal and financial data collected on customers.
'Retailers collect and store vast amounts of valuable personal and financial data, such as credit card numbers, payment details, home addresses and phone numbers,' said Fletcher Davis, senior security research manager at cybersecurity firm BeyondTrust. 'One breach can often yield a large amount of records that can be sold on dark web markets.'
And similar to hackers targeting other areas like health care and education, these retail attacks are often carried out by ransomware gangs seeking a payout.
'Most cybergangs are geographically distributed and located in countries that have no reciprocal law enforcement agreements or cooperation with the United States,' said Darren Williams, founder and CEO of cybersecurity firm BlackFog, adding that the hacking groups are primarily linked to Russia and China.
Bob Kolasky, senior vice president of critical infrastructure at cybersecurity firm Exiger, who previously served as the founding director of CISA's National Risk Management Center, told your host that the U.S. previously put pressure on nations that enabled ransomware activity, like Russia, to crack down on attacks from ransomware gangs — though it's unlikely they heeded the warnings.
'If you look at overall trends, it's really hard to see any evidence that these countries that we might consider adversarial have clamped down on ransomware activity,' Kolasky said. 'There's still a way too fertile ecosystem of ransomware actors who operate with some level of impunity.'
— Real-world consequences: As these attacks grow more frequent, customers may notice more products missing from shelves and online ordering systems remaining down for weeks at a time.
Williams told your host of the UNFI cyberattack that 'these kinds of incidents can disrupt critical logistics and jeopardize timely food access for millions.'
These attacks can also leave customers' personal data exposed for future exploitation.
James Turgal, vice president of global cyber risk, strategy and board relations at cybersecurity firm Optiv, told your host that the data collected by retailers can be attractive for nation-state threat actors to build 'comprehensive dossiers on U.S. citizens.'
'While retail data may not seem sensitive in isolation, in the hands of sophisticated threat actors, especially nation-states, it can become a powerful tool for intelligence, influence and cyberattack planning,' Turgal added.
At the Agencies
DATA-SHARING — The Department of Homeland Security now has access to personal data on millions of Medicaid enrollees, including their immigration status, as the Trump administration continues to ramp up deportations.
The Associated Press reported on Saturday that the Centers for Medicare and Medicaid gave DHS access to data on people living in Washington, D.C., Illinois, Washington state and California — all places that allow non-U.S. citizens to enroll in Medicaid programs.
— The big picture: The push is part of a broader effort by the Trump administration to provide DHS with data on immigrants.
In April, the IRS agreed to share confidential taxpayer information — some of the most closely guarded data in the federal government — with DHS. As part of the agreement, immigration authorities can ask the IRS for information on undocumented immigrants, including their home addresses.
The International Scene
UNDER THE SEA — As China and Russia step up sabotage operations targeting undersea cables, a new report from the China Strategic Risks Institute found that the United Kingdom is unprepared to combat the growing threat.
The report, out on Sunday, examined 12 incidents between January 2021 and April 2025 where U.K. authorities investigated alleged undersea cable sabotage. The majority of cases analyzed in the report found that Russia or China was directly linked to the alleged sabotage operations.
The report also identified patterns that suggested possible coordination between China and Russia on undersea cable attacks — including Russian vessels in suspicious incidents near Taiwan and Chinese vessels in the Baltic Sea.
— International data hub: Undersea cables are a big target for rival powers like China or Russia due to the massive amounts of data they carry. Around 99 percent of all data that moves around the world is transferred through undersea cables.
The report identified the U.K. as a key hub in the Euro-Atlantic cable infrastructure, making it a likely target for future operations from Moscow or Beijing.
AIRLINE ATTACK — Canada's second-largest airline is investigating a cyberattack that disrupted access to internal systems.
WestJet said in a security alert on Friday that the airline is 'aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users.' The airline also said specialized internal teams are working with Transport Canada and law enforcement to investigate the breach and manage the impact.
On Saturday, the airline issued an update that its operations 'remain safe and unaffected while we work towards resolving the situation.'
Industry Intel
STRENGTHENING POSTURE — As the conflict between Israel and Iran intensifies, cyber groups are urging U.S. businesses to prepare for the potential of increased cyberattacks from Iran.
The Food and Agriculture Information Sharing and Analysis Center (Ag-ISAC) and the Information Technology Information Sharing and Analysis Center (IT-ISAC) issued a joint statement on Friday highlighting that Iranian state-sponsored hackers have previously targeted U.S. organizations in cyberspace during periods of heightened conflict.
'Even attacks not directly targeting the U.S. could have indirect effects and cause disruptions to companies in the U.S.,' the ISACs warned. 'Given the interconnectedness of networks, it is possible that cyber attacks targeting Israel itself could cause collateral damage to U.S. companies, even if the U.S. companies themselves are not the intended target.'
Quick Bytes
GENETIC DATA — As lawmakers sound the alarm over the fate of millions of Americans' genetic data in the wake of 23andMe's bankruptcy proceedings, TechCrunch's Aisha Malik breaks down how users can delete their data on the app.
CYBERATTACKS CLIMB — Cybersecurity firm Radware reports that Israel's government websites, telecommunications firms and financial institutions are experiencing a spike in cyberattacks since the strike on Iran, The Jerusalem Post reports.
Chat soon.
Stay in touch with the whole team: Rosie Perper (rperper@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com), and Dana Nickel (dnickel@politico.com).