UK Ransomware Tracker
A free, citable dataset of disclosed ransomware and major data-breach incidents affecting UK organisations. Compiled by Firevault from ICO disclosures and verified press reporting. Updated quarterly.
6 UK incidents tracked. Cite as: Firevault UK Ransomware Tracker, fire-vault.com, accessed 3 July 2026.
| Organisation | Sector | Date | Records | Type | Source |
|---|---|---|---|---|---|
| NHS Scotland | — | 2026 | Undisclosed | Ransomware | Source |
| Marks & Spencer Major UK retailer suffered cyber attack affecting millions of customers |
Retail | 2025 | 9.4M | Cyber Attack | BBC News |
| Co-operative Group UK supermarket chain hit by significant cyber attack |
Retail | 2025 | Undisclosed | Cyber Attack | BBC News |
| Jaguar Land Rover Luxury car manufacturer targeted in cyber attack |
Automotive | 2025 | Undisclosed | Cyber Attack | Reuters |
| Royal Mail LockBit ransomware attack disrupted international mail services for 6+ weeks |
Logistics | 2023 | Operations halted | Ransomware | BBC News |
| British Library Rhysida ransomware attack caused £7M in damages and months of disruption |
Public Sector | 2023 | Undisclosed | Ransomware | The Guardian |
Methodology
Incidents are added when (a) the affected organisation has a UK presence and (b) the breach is confirmed by the organisation, the ICO, or two independent press sources. Data is reviewed and corrected continuously; corrections welcome at research@fire-vault.com.