The retail industry is seeing an increase in its annual number cyberincidents as criminals are seeking a wider variety of data.
Verizon recorded 837 digital security incidents in the retail industry during 2024, including 419 with confirmed data disclosure. The annual 2025 Verizon Data Breach Investigations Report also reveals that the top patterns for retail cyberincidents were system intrusion, social engineering, and basic web application attacks, representing a combined 93% of all breaches.
Almost all recorded threat actors (96%) were external, with 3% internal and 1% working for partners of exposed retailers. All threat actors had a financial motive, with 9% also conducting some sort of espionage. There was a substantial year-over-year increase in the number of threat actors conducting espionage from only 1% in 2023.
The top three types of data (more than one type can be exposed in a single incident) compromised in retail breaches reported by Verizon – internal (65%), other (30%), and credentials (26%) – remained the same from 2023.
However, Verizon analysis indicates that retail breaches are less frequently focused on unlawfully obtaining payment card data (12% of all breaches) and shifting to other data types that are more accessible.
The top three retail cyberattack patterns as tracked by Verizon were system intrusion (including ransomware), social engineering (such as phishing emails), and basic web application attacks (fraudulent use and reuse of legitimate credentials, such as exploiting password weaknesses).
[READ MORE: How common are consumer data breaches?]