Explore what the recent cyberattacks on M&S, Co-op and West Lothian schools have in common and how your organisation can avoid the same mistakes.
Following data breaches at Marks & Spencer and the Co-op, the education sector has become the latest target.
Marks & Spencer was affected by a data breach when attackers impersonated IT help desk staff and tricked employees into handing over their login credentials and multi-factor authentication (MFA) codes.
This gave the criminals direct access to internal systems and sensitive data.
Meanwhile, the Co-op narrowly avoided a full-scale crisis. Hackers infiltrated its network and attempted to deploy ransomware. But the Co-op's IT team acted quickly, disconnecting internal systems and preventing full encryption. Although this caused a short-term disruption, it ultimately minimised damage and sped up recovery.
Then, in May, the threat came closer to home when it impacted the education sector.
On 6 May 2025, West Lothian Council confirmed that its education network had been targeted in a ransomware attack. Initially, no data theft was evident. However, by 21 May, it had become apparent that sensitive information, including staff and pupil data, had been stolen.
Thanks to well-prepared contingency plans, all schools remained open and SQA exams proceeded as scheduled. But behind the scenes, the response involved complex recovery efforts, police investigations, child protection reviews and reputational risk management.
The ransomware attack primarily targeted internal school documents, including lesson plans and operational data. However, West Lothian Council has since confirmed that some personal and sensitive data was stolen, too.
While confidential pupil records, financial data and social care systems are stored separately, officials have not ruled out the possibility that medical or social work information may have been compromised.
The council has contacted parents, carers and staff at over 140 sites to inform them of the breach and offer support.
According to BBC reports, a group known as Interlock has claimed responsibility for the attack and is threatening to publish the stolen data unless a ransom is paid.
Different targets. Different tactics. But they all have the same underlying issues.
In M&S's case, the attack involved help desk impersonation. At the Co-op, there was an attempted deployment of ransomware. West Lothian Council experienced a ransomware attack accompanied by confirmed data theft.
These aren’t rare events anymore, they’re weekly headlines. And most of them stem from overlooked basics.
Phishing, malware and unauthorised access still dominate because many organisations leave simple vulnerabilities exposed, such as weak passwords, outdated systems, poor network segmentation and excessive user permissions.
But by 2025, that's only half of the story.
AI-powered attacks, ransomware-as-a-service (RaaS) and supply chain breaches are becoming increasingly common.
Criminal groups are evolving, combining automation with psychological tactics to exploit even the smallest gaps on a large scale.
Although basic cyber hygiene remains your best first line of defence, you also need to keep pace with modern cyber threats to stay protected.
As one of Scotland’s NCSC-approved Assured Service Providers, we help organisations:
We work with organisations from various sectors, including education, charities and professional services, to help them proactively improve their cyber security.
If you’re not sure where your vulnerabilities lie, or if you need expert advice on how to strengthen your defences, we can help.
Call us: 0808 164 4142
Message us: https://www.grantmcgregor.co.uk/contact-us