Most common cyberattacks in the Retail Sector: Real cases

By Esteban Sardanyés on Jul 2, 2025 9:20:37 AM


The digitalization of the retail sector has been key to improving customer experience and optimizing operational processes. However, this transformation has also exposed companies in the sector to a growing wave of cyberattacks. From e-commerce platforms to point-of-sale (POS) terminals, attack surfaces have multiplied—along with the risks to data integrity and business continuity.

At ESED, as cybersecurity specialists across various industries, we use this article to outline the most common and frequent cyberattacks targeting the retail sector. We’ll examine real cases that have occurred in Spain and offer recommendations to prevent and mitigate cyber risks.

Main types of cyberattacks in retail

Data theft and web application attacks

Online stores and mobile apps are frequent targets for attacks like Cross-Site Scripting (XSS) and SQL Injection, aimed at gaining access to personal data, user credentials, or payment card information. Attackers often exploit vulnerabilities in forms or search functions to execute malicious code.
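The store search function mentioned above, shown as an added example that is not code from ESED or from any of the retailers named in this article: a query built by string concatenation next to its parameterized form, with output encoding for the echoed search term. The catalog, table, function names and search term are all constructed for illustration.

```python
import html
import sqlite3

# Constructed search term: the quote closes the LIKE pattern early.
CRAFTED_TERM = "zzz' OR '%' = '"

def make_catalog():
    """Constructed in-memory catalog; the last row must never be listed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, public INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Blue shirt", 1), ("Red scarf", 1), ("Staff-only sample", 0)],
    )
    return db

def search_vulnerable(db, term):
    # BEFORE: the term is pasted into the SQL text, so a quote in it
    # rewrites the WHERE clause instead of being searched for.
    sql = ("SELECT name FROM products "
           "WHERE public = 1 AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # AFTER: the term is a bound parameter and is only ever treated as data.
    sql = ("SELECT name FROM products "
           "WHERE public = 1 AND name LIKE '%' || ? || '%'")
    return [row[0] for row in db.execute(sql, (term,))]

def render_results(term, names):
    # Encode on output so an echoed search term cannot become markup (XSS).
    items = "".join(f"<li>{html.escape(n)}</li>" for n in names)
    return f"<p>Results for {html.escape(term)}</p><ul>{items}</ul>"

if __name__ == "__main__":
    db = make_catalog()
    print(search_vulnerable(db, CRAFTED_TERM))  # includes the non-public row
    print(search_safe(db, CRAFTED_TERM))        # nothing matches
    print(render_results("<b>shirt</b>", search_safe(db, "shirt")))
```
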

Ransomware

Ransomware remains one of the most damaging types of attacks. This kind of malware encrypts critical files and systems—such as CRM, ERP, or inventory systems—and demands a ransom for their release. In retail, this can result in a complete shutdown of both physical and online sales operations.


Distributed Denial of Service (DDoS) Attacks

DDoS attacks aim to overwhelm systems by flooding web servers or payment platforms, rendering them inaccessible. These attacks are especially problematic during peak sales periods such as Black Friday or seasonal sales.

Point-of-Sale (POS) Terminal Fraud

POS-targeted malware can intercept and extract card data during transactions. In addition, social engineering techniques targeting employees are used to manipulate these devices or install malicious hardware.

Real cases in Spain

El Corte Inglés

In March 2025, El Corte Inglés reported a security breach involving a technology provider. While payment systems were not affected, attackers accessed personally identifiable customer information. The company activated its response protocol and notified both affected individuals and the Spanish Data Protection Agency.

Alcampo (Auchan Group)

In the summer of 2024, Alcampo suffered a cyberattack that temporarily impacted internal operations. Although technical details were not disclosed, the company confirmed the implementation of contingency measures to keep its physical stores operational.

Tendam (Cortefiel)

In September 2024, textile group Tendam fell victim to a ransomware attack. The attackers stole over 700 GB of data and demanded a ransom of nearly €800,000. The company reported the incident to authorities and initiated legal and technical measures to contain the impact.

Christian Dior Couture

In early 2025, a Dior customer database in China was leaked following an attack on its digital infrastructure. While not directly related to Spain, this case exemplifies cybercriminals' growing interest in the luxury segment of retail.

Impact of cyberattacks on retail

Cyberattacks not only result in direct financial losses but also cause reputational damage, loss of consumer trust, and potential regulatory penalties, particularly concerning personal data protection (GDPR). According to recent data, 35% of retail companies in Spain experienced some type of security incident in the past year.

How to prevent and mitigate cyberattacks in retail

Web and e-Commerce platform security

It’s crucial to implement firewalls to filter malicious traffic, use encrypted connections (HTTPS), and apply Content Security Policies (CSP).
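One way to check that a storefront response actually carries these protections, as an added example that is not ESED's own tooling: it audits a response for HTTPS, a Strict-Transport-Security header (an addition here, since it is what keeps browsers on HTTPS) and a Content Security Policy that really restricts scripts. The URLs and header values are constructed samples.

```python
BROAD_SOURCES = {"*", "http:", "https:", "data:"}
PIN_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; the first duplicate wins."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives

def audit_response(url, headers):
    """Return findings for one response; an empty list means every check passed."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("served over plain HTTP")
    if "strict-transport-security" not in h:
        findings.append("missing Strict-Transport-Security")
    if "content-security-policy" not in h:
        findings.append("missing Content-Security-Policy")
        return findings
    csp = parse_csp(h["content-security-policy"])
    # script-src falls back to default-src when it is absent.
    sources = csp.get("script-src", csp.get("default-src"))
    if sources is None:
        findings.append("CSP does not restrict scripts")
        return findings
    pinned = any(s.startswith(PIN_PREFIXES) for s in sources)
    # Browsers ignore 'unsafe-inline' when a nonce or hash is present.
    if "'unsafe-inline'" in sources and not pinned:
        findings.append("script source allows 'unsafe-inline'")
    if "'unsafe-eval'" in sources:
        findings.append("script source allows 'unsafe-eval'")
    findings += [f"script source allows {s}" for s in sources if s in BROAD_SOURCES]
    return findings

# Constructed sample responses (not captured from any real shop).
WEAK = ("http://shop.example/search",
        {"Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'"})
HARDENED = ("https://shop.example/search",
            {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
             "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-R4nd0m'"})

if __name__ == "__main__":
    for url, headers in (WEAK, HARDENED):
        print(url, audit_response(url, headers) or "OK")
```
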

Ransomware protection

Having data backups is essential for recovery in the event of a cyberattack. At ESED, we follow the 3-2-1 backup rule: keep backups in different formats and locations to ensure data recovery.

Additionally, internal networks should be segmented to isolate critical systems, and proactive cybersecurity solutions like Managed Detection and Response (MDR) should be implemented for 24/7 threat detection and elimination.

Management of terminals and physical devices

POS systems should be regularly updated and access should be restricted to authorized personnel only. The following article provides more detailed information on the importance of keeping systems and devices up to date.

Monitoring device activity and using specialized anti-malware protection software are also key measures.

Employee training and awareness

An employee may receive an overwhelming number of emails daily depending on their department or role. Without proper training on daily cyber threats, they may fail to distinguish between legitimate and malicious emails—falling victim to phishing attacks.

Raising awareness and conducting phishing simulations are critical to preventing cyber incidents.

The retail sector is exposed to increasingly complex cyber threats. The combination of digital assets, personal data processing, and high operational turnover makes retail a priority target for cybercriminals.

The real cases in Spain show that no company is exempt, and that prevention, training, and continuous monitoring are essential to protect assets, customer data, and business continuity. Investing in cybersecurity is no longer optional: it is a strategic imperative for the sector's sustainability and competitiveness.