Festive Season Fraud Fears: No Major Breach Spike Expected

Summary

– Security experts have dismissed fears of increased cyber-attacks on retailers during the Black Friday and Christmas periods, citing minimal seasonal peaks in data security incidents.
– Huntsman Security’s analysis of UK ICO data from 2024-25 showed retail sector incidents remained stable, with only minor fluctuations and no significant seasonal spikes.
– Over half of recent ransomware attacks occurred on weekends or holidays, raising concerns about potential breaches during upcoming holiday periods.
– Cybersecurity specialists emphasize that retailers need continuous assurance of their defenses and should focus on mitigating common threats like ransomware and phishing year-round.
– Consumers face significant risks from fake e-commerce sites and phishing scams, with experts warning to verify messages and avoid clicking on suspicious links.

While many worry that cybercriminals ramp up their activities during the busy holiday shopping season, recent data suggests a different reality. Security professionals have analyzed breach reports and found no significant seasonal spike in attacks targeting retailers, even during peak periods like Black Friday and Christmas. Huntsman Security examined data security incidents reported to the UK’s Information Commissioner’s Office over a recent four-quarter span. The retail and manufacturing sector reported 1,381 incidents in total, with only minor fluctuations that fell within a normal margin of error.

The busiest quarter for retailers, Q4, saw 355 incidents reported to the regulator. This compares to 323 in the previous quarter, 317 in Q1 of 2025, and 386 in Q2 of 2025, a period that included major ransomware incidents affecting well-known chains like M&S and the Co-op Group. This pattern of relatively stable incident reporting has held true since 2019.

During the 2024-25 period, 618 retail breaches were attributed to familiar threats, including brute force attacks, misconfigured hardware or software, malware, phishing, and ransomware. According to Piers Wilson, head of product management at Huntsman Security, each of these risks can be managed effectively with appropriate security controls in place.

Wilson emphasized that attackers tend to be opportunistic, striking when it suits them best. Data from the ICO shows that a small number of incident types tend to cause the most damage by targeting high-value information. He advised that retailers should adopt a mindset of continuous assurance to ensure their defenses do not drift into a vulnerable state. By detecting and stopping regular attacks early, cybersecurity teams can focus their efforts on preparing for more significant, unpredictable incidents.

He also pointed out that retailers must strike a balance between maintaining cyber resilience and driving profits, especially during critical sales periods. The empty shelves seen earlier this year at M&S and the Co-op illustrated just how disruptive a successful cyber attack can be. If a similar incident occurred during a peak sales period when annual profit targets were on the line, the outcome could be catastrophic. While retailers generally recognize the importance of cybersecurity, Wilson suggested they would be wise to reassess their resilience as the festive season approaches.

Despite these reassurances, not all experts share this calm outlook. A recent Semperis report indicated that more than half of ransomware attacks in the past year took place on a weekend or holiday, raising concerns about Thanksgiving and Christmas breaks. Adding to the tension, a post on Telegram from a threat group known as Scattered Lapsus$ Hunters warned that incident response teams should be monitoring their logs throughout the holidays into January 2026, hinting at upcoming attacks targeting customer databases.

It is also true that during the festive season, retailers tend to focus intensely on maximizing sales, which can divert attention away from IT security. According to Action Fraud data cited by the UK’s National Cyber Security Centre, online shopping fraud led to losses of £11.8 million during the previous festive shopping season, which ran from November 2024 through January 2025. Even if retailers are not directly targeted with payment fraud in the fourth quarter, consumers certainly remain at risk.

In a related development, CloudSEK identified more than 2,000 fake e-commerce websites preparing to scam holiday shoppers. Many of these sites appear to be powered by AI and use Amazon-themed typosquatted domains, counterfeit trust badges, and pop-ups that simulate recent purchases to appear legitimate. Others operate under the .shop domain and impersonate global brands such as Samsung, Jo Malone, Ray-Ban, and Xiaomi. These fraudulent sites are often promoted through phishing messages designed to lure unsuspecting shoppers.

Experts are also warning the public to watch out for fake package tracking messages. Steve Cobb, CISO at SecurityScorecard, noted that scammers often send texts or emails pretending to be from delivery services like UPS or FedEx, claiming there is an issue with a delivery and urging recipients to click a link. He advised taking a few extra seconds to verify such messages, know who the sender is and avoid clicking any links without careful scrutiny.

(Source: Info Security)
