Synnovis ransomware attack (June 2024): NHS pathology disruption in South-East London
Victims
- Synnovis
- Multiple NHS trusts across South-East London dependent on its pathology systems
Suspected culprits (not proven)
- Widely attributed in reporting to Qilin (based on criminal claims and intelligence analysis, not court proof).
Effect
- Severe testing backlog.
- Over 10,000 appointments delayed.
- Emergency clinical workarounds implemented.
- National scrutiny of healthcare cyber resilience.
Cost to put things right
- Estimated ~£32.7 million impact (2024 accounts reporting).
- Included forensic investigation, infrastructure rebuild, operational loss and resilience upgrades.
Transport for London cyber incident (September 2024): major operational disruption
Victims
- Transport for London
- London commuters and businesses reliant on TfL systems
Suspected culprits (not proven)
- No public confirmed group attribution.
- Individuals charged by the National Crime Agency (charges ≠ convictions).
Effect
- System outages and customer account issues.
- Increased call centre demand.
- Prolonged recovery phase.
Cost to put things right
- TfL disclosed costs “in the region of £30 million”.
- Around £5 million attributed directly to incident response.
- Additional indirect operational losses likely exceeded that.
Marks & Spencer cyberattack (April 2025): weeks-long online disruption
Victims
- Marks & Spencer
- Customers affected by suspended online clothing orders
Suspected culprits (not proven)
- Reporting linked the wider retail campaign to actors associated with Scattered Spider.
- Attribution remains investigative, not judicially confirmed.
Effect
- Online clothing sales paused for weeks.
- Supply chain disruption.
- Confirmed access to some customer personal data.
Cost to put things right
- Estimated up to £300 million impact to operating profit.
- Insurance expected to offset some losses.
Retail operates on margins, not cushions. This hit hard.
Co-op cyberattack (April 2025): revenue and member data impact
Victims
- Co-op
- Members and customers whose personal data was compromised
Suspected culprits (not proven)
- Investigated within the same 2025 UK retail cyber cluster.
- Arrests announced, but no convictions at time of reporting.
Effect
- IT system disruption.
- Operational slowdowns.
- Confirmed member data exposure.
Cost to put things right
- Reported ~£206 million revenue impact.
- Reported ~£80 million operating profit hit.
Harrods cyber incident (May 2025): defensive shutdown measures
Victims
- Harrods
Suspected culprits (not proven)
- Described as attempted unauthorised access.
- Investigated alongside broader retail attacks.
Effect
- Internet access restricted across sites.
- Stores remained open.
- Security posture strengthened immediately.
Cost to put things right
- No publicly disclosed total.
- Likely included forensic support and system review costs.
Westminster & Kensington and Chelsea council cyber incidents (November 2025)
Victims
- Westminster City Council
- Royal Borough of Kensington and Chelsea
- Residents and businesses reliant on council systems
Suspected culprits (not proven)
- Councils confirmed criminal unauthorised access.
- No publicly named group in official statements.
Effect
- Systems isolated.
- Services disrupted.
- Westminster confirmed some data was copied and taken.
Cost to put things right
- No consolidated public figure.
- Recovery likely includes third-party incident response, system rebuild and prolonged IT remediation.
We have created Professional High Quality Downloadable PDF’s at great prices specifically for Small and Medium UK Businesses our main website. Which include various helpful Cyber related documents and real world scenarios your business might experience, showing what to do and how to protect your business. Find them here.
