Friday, 6 June 2025

Phishing, Ransomware, Data Leaks: Lessons from Recent UK Cyber Attacks

Explore what the recent cyberattacks on M&S, Co-op and West Lothian schools have in common and how your organisation can avoid the same mistakes.

Following data breaches at Marks & Spencer and the Co-op, the education sector has become the latest target.

In April, two major UK retailers made headlines for all the wrong reasons.

Marks & Spencer was affected by a data breach when attackers impersonated IT help desk staff and tricked employees into handing over their login credentials and multi-factor authentication (MFA) codes.
This gave the criminals direct access to internal systems and sensitive data.

Meanwhile, the Co-op narrowly avoided a full-scale crisis. Hackers infiltrated its network and attempted to deploy ransomware. But the Co-op's IT team acted quickly, disconnecting internal systems and preventing full encryption. Although this caused a short-term disruption, it ultimately minimised damage and sped up recovery.

Then, in May, the threat came closer to home when it impacted the education sector.

The West Lothian Council Breach

On 6 May 2025, West Lothian Council confirmed that its education network had been targeted in a ransomware attack. Initially, no data theft was evident. However, by 21 May, it had become apparent that sensitive information, including staff and pupil data, had been stolen.

Thanks to well-prepared contingency plans, all schools remained open and SQA exams proceeded as scheduled. But behind the scenes, the response involved complex recovery efforts, police investigations, child protection reviews and reputational risk management.

What Was Affected?

The ransomware attack primarily targeted internal school documents, including lesson plans and operational data. However, West Lothian Council has since confirmed that some personal and sensitive data was stolen, too.

While confidential pupil records, financial data and social care systems are stored separately, officials have not ruled out the possibility that medical or social work information may have been compromised.

The council has contacted parents, carers and staff at over 140 sites to inform them of the breach and offer support.

According to BBC reports, a group known as Interlock has claimed responsibility for the attack and is threatening to publish the stolen data unless a ransom is paid.

What Ties These Attacks Together?

Different targets. Different tactics. But they all have the same underlying issues.

  • Phishing and social engineering
  • Compromised credentials
  • Delayed patching
  • Weak network segmentation
  • Lack of early detection

In M&S's case, the attack involved help desk impersonation. At the Co-op, there was an attempted deployment of ransomware. West Lothian Council experienced a ransomware attack accompanied by confirmed data theft.

These aren’t rare events anymore; they’re weekly headlines. And most of them stem from overlooked basics.

What the Data Tells Us

Most cyber attacks don’t begin with elite hackers; they start with the basics.

Phishing, malware and unauthorised access still dominate because many organisations leave simple vulnerabilities exposed, such as weak passwords, outdated systems, poor network segmentation and excessive user permissions.

But by 2025, that's only half of the story.

AI-powered attacks, ransomware-as-a-service (RaaS) and supply chain breaches are becoming increasingly common.

Criminal groups are evolving, combining automation with psychological tactics to exploit even the smallest gaps on a large scale.

Although basic cyber hygiene remains your best first line of defence, you also need to keep pace with modern cyber threats to stay protected.

How Grant McGregor Can Help

As one of Scotland’s NCSC-approved Assured Service Providers, we help organisations:

  • Identify and close the most commonly exploited vulnerabilities
  • Strengthen defences across users, devices and data
  • Develop secure habits with the help of practical guidance
  • Prepare for Cyber Essentials certification
  • Build long-term cyber resilience

We work with organisations from various sectors, including education, charities and professional services, to help them proactively improve their cyber security.

Don’t leave it to chance.

If you’re not sure where your vulnerabilities lie, or if you need expert advice on how to strengthen your defences, we can help.

Speak to a Cyber Advisor.

Call us: 0808 164 4142 

Message us: https://www.grantmcgregor.co.uk/contact-us
