The 2025 Retail Cyberstorm: How Post-Quantum Cryptography Could Have Prevented Major Breaches

May 29, 2025

In a digital economy where trust is currency, the spring of 2025 dealt a crushing blow to consumer confidence in some of the world’s most recognized retail brands. A coordinated wave of cyberattacks impacted major players like Victoria's Secret, Britain's Marks & Spencer (M&S), Harrods, Adidas, and others. The breaches not only disrupted online services but exposed personal customer data, crippled loyalty programs, and revealed glaring weaknesses in the cybersecurity infrastructures of these corporations.

This new era of cyber threats signals that traditional cryptographic defenses are no longer sufficient—and it brings post-quantum cryptography (PQC) into sharp focus as a critical security solution.

Read QuantumGenie's other industry insights here.

A Wake-Up Call for the Retail Industry

Retailers operate at the intersection of customer experience and sensitive data. Every transaction involves personal information, payment credentials, and behavioral analytics. This makes retailers prime targets for cybercriminals who now leverage increasingly advanced techniques—ranging from social engineering and ransomware to zero-day exploits and backdoor malware.

In April and May 2025, several breaches made headlines:

  • Victoria’s Secret temporarily shut down its website due to a cyberattack that compromised backend systems. The company responded quickly, bringing in forensic investigators, but the outage lasted days—costing untold revenue and shaking customer loyalty.

  • Marks & Spencer (M&S) suffered an attack allegedly linked to the hacker group “Scattered Spider,” which infiltrated the system via a third-party contractor. As a result, in-store inventory syncing failed, online orders stalled, and the popular Sparks loyalty scheme was disrupted. Early estimates suggest the breach could cost M&S upwards of £300 million in lost revenue and remediation.

  • Adidas, Harrods, and several grocery and fashion retailers also reported simultaneous or near-simultaneous cyber incidents, adding to speculation that these attacks were part of a broader coordinated offensive.

The scale and precision of these breaches suggest an evolution in cyberattack sophistication—one that current encryption methods may no longer be able to withstand.

The Cryptographic Weak Link

Much of today's internet security relies on classical public-key cryptography—specifically RSA, ECC (Elliptic Curve Cryptography), and DH (Diffie-Hellman). These systems are considered secure only under the assumption that adversaries use classical computers. However, with advancements in quantum computing—still nascent but rapidly progressing—those assumptions are becoming obsolete.

Quantum computers, once fully capable, could break RSA-2048 encryption in hours or even minutes using algorithms like Shor’s. While large-scale quantum computers aren't mainstream yet, attackers can exploit a “harvest now, decrypt later” strategy—stealing encrypted data today with the intention of decrypting it once quantum computing becomes viable.

This means even if customer data stolen in these attacks wasn’t decrypted in 2025, it could be in 2028 or 2030—when that data might still be valid and valuable.

How Post-Quantum Cryptography Can Help

Post-Quantum Cryptography refers to cryptographic algorithms designed to resist attacks from both classical and quantum computers. These algorithms, such as ML-KEM (Kyber) and ML-DSA (Dilithium), have already been standardized (or are in the process of standardization) by the National Institute of Standards and Technology (NIST).

Here’s how PQC could have made a difference in the recent retail cyberattacks:

1. Resilient Data Protection

Retailers store vast amounts of sensitive data—from payment card info to purchase histories and home addresses. PQC-based encryption can secure this data even against adversaries with access to future quantum computing resources.

2. Secure Third-Party Integrations

The M&S breach originated from a third-party contractor—an increasingly common attack vector. PQC can encrypt API calls, credential exchanges, and inter-service communications with algorithms immune to both current and future cryptanalytic techniques.

3. Quantum-Safe Identity Verification

Using digital signature algorithms like Dilithium can improve the robustness of authentication and prevent credential spoofing, one of the primary ways hackers gain unauthorized access.

4. Long-Term Data Confidentiality

Even if retailers rotate their encryption keys regularly, any stolen encrypted data could be compromised in the future if it's protected by traditional cryptography. PQC ensures that such data remains safe indefinitely.

Challenges in Implementing PQC

While PQC holds enormous promise, it also introduces new challenges:

  • Larger Key Sizes: PQC algorithms typically use larger keys and signatures, which can strain system performance and increase storage requirements.

  • Backward Compatibility: Integrating PQC into legacy systems requires careful planning to ensure compatibility across diverse devices and platforms.

  • Education and Awareness: IT teams need to be trained on these new cryptographic paradigms to deploy and maintain them effectively.

Despite these hurdles, many platforms—including Windows, Linux, and major cloud providers—have begun rolling out support for PQC algorithms, enabling organizations to test and gradually integrate them into production systems.

The Road Ahead: What Retailers Must Do Now

To prevent future breaches of this magnitude, especially as quantum computing draws nearer, the retail sector must take the initiative. Here are practical steps companies should begin today:

  1. Inventory Cryptographic Assets: Audit all encryption and key management systems to understand where vulnerabilities may lie.

  2. Implement Hybrid Cryptography: Use hybrid algorithms that combine classical and post-quantum methods, offering protection during the transition period.

  3. Collaborate With Cybersecurity Experts: Partner with vendors and advisors who are actively engaged in PQC research and deployment.

  4. Plan for Migration: Develop a phased roadmap for adopting PQC, including pilot testing, performance benchmarking, and long-term scaling.

  5. Participate in Standards Development: Engage with industry consortia and public-private partnerships working on PQC implementation to stay aligned with evolving best practices.
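
Steps 1 and 2 above, sketched as an added example (not QuantumGenie's code): a Python triage over a constructed inventory that separates Shor-breakable public-key uses from hybrid, post-quantum and symmetric ones, then ranks them by how long the protected data must stay secret. The system names, the "+" notation for hybrid algorithms and the five-year `years_until_quantum` default are assumptions for illustration, not predictions.

```python
from dataclasses import dataclass

# Families the article names (RSA, ECC, DH), plus X25519/Ed25519, which are
# elliptic-curve schemes and fall to Shor's algorithm the same way.
SHOR_BREAKABLE = ("RSA", "ECDH", "ECDSA", "DH", "X25519", "ED25519")
POST_QUANTUM = ("ML-KEM", "ML-DSA")   # NIST algorithms named in the article
SYMMETRIC = ("AES", "CHACHA20")       # Shor's algorithm does not apply here

@dataclass
class Asset:
    name: str
    purpose: str        # "key-exchange", "key-wrap", "signature" or "bulk"
    algorithm: str      # hybrid components are joined with "+" (assumed notation)
    secrecy_years: int  # how long the protected data must stay confidential

def classify(algorithm: str) -> str:
    parts = [p.strip().upper() for p in algorithm.split("+")]
    has = lambda families: any(p.startswith(families) for p in parts)
    if has(POST_QUANTUM):
        return "hybrid" if has(SHOR_BREAKABLE) else "post-quantum"
    if has(SHOR_BREAKABLE):
        return "quantum-vulnerable"
    return "symmetric" if has(SYMMETRIC) else "unknown"

def triage(asset: Asset, years_until_quantum: int = 5) -> str:
    kind = classify(asset.algorithm)
    if kind != "quantum-vulnerable":
        return "review" if kind == "unknown" else "ok"
    # Recorded ciphertext can be decrypted later, so confidentiality uses are
    # urgent when the data outlives the assumed planning horizon.
    confidentiality = asset.purpose in ("key-exchange", "key-wrap")
    if confidentiality and asset.secrecy_years >= years_until_quantum:
        return "migrate-first"
    # Signature keys and short-lived secrets are at risk only once the attack exists.
    return "plan"

# Constructed sample inventory (hypothetical system names).
INVENTORY = [
    Asset("checkout-tls", "key-exchange", "ECDHE-P256", 10),
    Asset("partner-api-tls", "key-exchange", "X25519+ML-KEM-768", 10),
    Asset("loyalty-db-key-wrap", "key-wrap", "RSA-2048", 7),
    Asset("promo-feed-tls", "key-exchange", "DH-2048", 1),
    Asset("pos-firmware-signing", "signature", "ECDSA-P256", 0),
    Asset("backup-volume", "bulk", "AES-256-GCM", 10),
    Asset("legacy-vpn", "key-exchange", "vendor-proprietary", 5),
]

def report(inventory, years_until_quantum=5):
    order = {"migrate-first": 0, "review": 1, "plan": 2, "ok": 3}
    rows = [(triage(a, years_until_quantum), a.name, classify(a.algorithm)) for a in inventory]
    return sorted(rows, key=lambda r: (order[r[0]], r[1]))

if __name__ == "__main__":
    for action, name, kind in report(INVENTORY):
        print(f"{action:14} {name:22} {kind}")
```

An entry classified as "unknown" is queued for manual review rather than treated as safe, since an unidentified algorithm is itself an inventory finding.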

Conclusion

The 2025 wave of retail cyberattacks is a wake-up call not only for the industry but for all sectors reliant on digital infrastructure. As the threats become more advanced and quantum computing looms on the horizon, traditional defenses are no longer enough.

Post-Quantum Cryptography offers a lifeline—one that retailers must urgently begin to explore and adopt. The cost of inaction isn't just lost revenue or downtime; it's the long-term erosion of trust in digital commerce.

Retailers who act now will not only better protect their customers—they will lead the industry into a safer, quantum-secure future.
