The BBC reports that major high-street names including The Works, Wilko, and Card Factory all suffered operational shutdowns, delayed deliveries, and online service outages due to breaches affecting their third-party IT providers [1].
One of the key incidents has been linked to security failures at Zellis, a widely used payroll and HR software provider. With a single point of failure affecting multiple brands, the attacks have reignited urgent discussion about supply chain resilience, third-party risk, and business continuity in the face of escalating cybercrime.
The National Cyber Security Centre (NCSC) confirmed in a new blog post that attackers are increasingly focusing on “downstream impact”, where one compromised provider can affect dozens of clients [2]. This method, known as supply chain compromise, allows attackers to bypass stronger internal security protocols by exploiting weaker external partners.
“The complexity of modern IT supply chains means that a vulnerability in one system can cascade across multiple retailers, eroding trust and halting operations,” the NCSC warns [2].
In this case, several retailers had no direct interaction with the attackers. Instead, the breach at Zellis, which provides payroll and HR services to multiple UK companies, granted unauthorised access to sensitive employee and company data through a trusted channel.
In light of these events, the NCSC is urging all UK businesses, especially those in retail, logistics, and payroll, to assess their third-party risk exposure and implement layered cyber defences.
Here are five critical actions your business should take immediately:
1. Map Your Digital Supply Chain
Identify every third-party tool, vendor, or partner with access to your systems or data. Pay close attention to cloud platforms, HR/payroll providers, POS integrations, and managed service providers.
2. Apply the Principle of Least Privilege
Ensure external vendors only have access to the specific data and systems they need, and nothing more. Audit permissions and disable dormant accounts or legacy connections.
3. Conduct Due Diligence on Vendors
Before onboarding, verify your vendors’ cybersecurity practices. Ask for certifications (e.g. Cyber Essentials, ISO 27001) and ensure they follow NCSC supply chain security guidelines.
4. Strengthen Incident Response Plans
Run simulation exercises to test how your company would respond to a third-party breach. Your plan should include rapid containment, legal reporting obligations, and customer communication protocols.
5. Keep Software Updated & Segment Systems
Patch all software regularly. Isolate critical systems — such as payment gateways or HR data — from the rest of your network to limit damage in case of compromise.
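The five actions above are one procedure, and steps 1 and 2 in particular lend themselves to a recurring, scriptable review. The following Python script is an added example, not code from the original post or from AJC: it takes an inventory of third-party accounts and integrations (step 1), flags any access granted beyond what the vendor was onboarded to need and any dormant or never-used connections (step 2), and summarises which vendors can reach more than one critical system, which is the single-point-of-failure pattern the post describes. The vendor names, accounts, permissions and dates are constructed sample data, and the 90-day dormancy threshold is an assumption.

```python
"""Third-party access review: map vendor access, apply least privilege,
and spot vendors whose compromise would reach several critical systems.

Added example (not the original post's or AJC's code). All vendors,
accounts, permissions and dates below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date

# Constructed inventory: one record per third-party account or integration
# that can reach our systems. "needs" is the access the onboarding review
# agreed the vendor actually requires; "granted" is what is live today.
VENDOR_ACCESS = [
    {"vendor": "ExamplePayroll", "account": "svc-payroll",
     "granted": {"hr-db:read", "hr-db:write"},
     "needs": {"hr-db:read", "hr-db:write"}, "last_used": "2025-06-20"},
    {"vendor": "ExamplePOS", "account": "svc-pos-sync",
     "granted": {"pos:read", "finance:admin"},
     "needs": {"pos:read"}, "last_used": "2025-06-18"},
    {"vendor": "ExamplePOS", "account": "pos-legacy-ftp",
     "granted": {"pos:read"},
     "needs": {"pos:read"}, "last_used": None},  # legacy connection, never used
    {"vendor": "ExampleMSP", "account": "msp-remote",
     "granted": {"ad:domain-admin", "hr-db:read"},
     "needs": set(), "last_used": "2024-11-02"},  # contract ended, never revoked
]

DORMANT_AFTER_DAYS = 90  # assumption: review anything unused for a quarter


@dataclass(frozen=True)
class Finding:
    vendor: str
    account: str
    issue: str    # "excess-privilege" or "dormant"
    detail: str


def system_of(permission: str) -> str:
    """'hr-db:read' -> 'hr-db'."""
    return permission.split(":", 1)[0]


def review_vendor_access(inventory, today, dormant_after_days=DORMANT_AFTER_DAYS):
    """Return least-privilege and dormancy findings, in inventory order."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for rec in inventory:
        # Least privilege: anything granted that the vendor does not need.
        excess = sorted(rec["granted"] - rec["needs"])
        if excess:
            findings.append(Finding(rec["vendor"], rec["account"],
                                    "excess-privilege", ", ".join(excess)))
        # Dormancy: never used, or idle longer than the threshold.
        if rec["last_used"] is None:
            findings.append(Finding(rec["vendor"], rec["account"],
                                    "dormant", "never used"))
        else:
            idle = (today - date.fromisoformat(rec["last_used"])).days
            if idle > dormant_after_days:
                findings.append(Finding(rec["vendor"], rec["account"],
                                        "dormant", f"unused for {idle} days"))
    return findings


def blast_radius(inventory):
    """Map each vendor to the set of internal systems its accounts can reach."""
    reach = {}
    for rec in inventory:
        reach.setdefault(rec["vendor"], set()).update(
            system_of(p) for p in rec["granted"])
    return reach


def single_points_of_failure(inventory, critical_systems):
    """Vendors whose compromise alone would expose more than one critical system."""
    return sorted(vendor for vendor, systems in blast_radius(inventory).items()
                  if len(systems & set(critical_systems)) > 1)


if __name__ == "__main__":
    for f in review_vendor_access(VENDOR_ACCESS, "2025-06-23"):
        print(f"{f.issue:16} {f.vendor:15} {f.account:15} {f.detail}")
    for vendor, systems in blast_radius(VENDOR_ACCESS).items():
        print(f"reach            {vendor:15} {', '.join(sorted(systems))}")
    print("single points of failure:",
          single_points_of_failure(VENDOR_ACCESS, {"hr-db", "finance", "ad"}))
```

Run against a real inventory, the findings list is the work queue for step 2 (revoke the excess, disable the dormant accounts), and the single-points-of-failure list tells you which vendor relationships deserve the due-diligence and incident-response attention of steps 3 and 4.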
“You’re only as secure as the weakest link in your chain,” says the NCSC. “Securing your supply chain is no longer optional, it’s essential for survival in the current threat landscape” [2].
At AJC, we can help UK retailers and supply-driven businesses strengthen their cybersecurity posture in the face of growing third-party threats.
We offer:
From POS and payroll systems to cloud integrations, today’s retail environments rely on complex third-party infrastructure. AJC provides the insight and tools to help you stay secure, even when your exposure starts with someone else’s system.
Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.
Sources
[1] BBC News. Retailers Disrupted by Cyberattack on IT Supplier.
https://www.bbc.co.uk/news/articles/c4grn878712o
[2] National Cyber Security Centre (NCSC). Incidents Impacting Retailers – The Cyber Security Perspective.
https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers
Image accreditation: Getty Images from Unsplash.com+. Last accessed on 23rd June 2025.