Your Service Desk is the New Attack Vector

Your service desk is the new attack vector. Here's how to defend it.

For years, CISOs have focused on patching systems, hardening networks, and locking down endpoints. But in 2025, cyber-criminals have moved their crosshairs to a softer, more human target — the service desk.

Recent breaches at Marks & Spencer, Harrods, Co-op, and Jaguar Land Rover (JLR) have exposed a pattern: attackers no longer need to break down digital doors when they can simply call the helpdesk and ask for the keys.

This new wave of attacks exploits weak identity verification and overly helpful support staff — a combination that’s proving deadly for UK enterprises.

When customer trust is only one phone call away

In the Marks & Spencer breach, attackers reportedly impersonated senior managers to obtain access credentials from IT support. A similar technique was used in the Harrods compromise, where criminals phoned the internal helpdesk posing as a supplier and requested password resets for accounts with elevated privileges.

The Co-op incident followed the same pattern — an insider-style call convincing service-desk staff to “urgently verify” a user’s identity so a payroll system password could be reset. Within hours, threat actors had access to sensitive customer and employee data.

These incidents demonstrate how identity verification failures — not firewalls or zero-days — are now primary door openers. And with the rise of remote work, 24/7 outsourcing, and hybrid IT teams, attackers have more routes than ever to reach that door.

The JLR 2025 breach: hackers didn’t break in — they logged in

Perhaps the clearest example came from Jaguar Land Rover’s 2026 breach, which security researchers later dissected in detail.

According to Treblle’s analysis, this wasn’t a high-tech operation. There were no novel exploits or zero-day vulnerabilities. Instead, the attackers used a cocktail of social engineering, credential theft, and poor network segmentation.

“The breach was not the result of a sophisticated zero-day exploit, but rather the execution of well-known tactics: social engineering, credential abuse, weak segmentation, and inadequate detection.” — Treblle, JLR Breach Breakdown (2025)

The attack began with a vishing campaign — phone calls where hackers impersonated internal staff. Help desk staff were tricked into issuing passwords and other credentials, including some with admin privileges.

With those credentials, the attackers didn’t need to hack their way in. They logged in through the same systems every legitimate employee used. From there, they moved laterally, accessing confidential design documents, HR records, and internal communications.

In short: the hackers didn’t bypass security — they convinced it to open the door for them.

Why the service desk is now the perfect entry point

Every service desk’s job is to help — reset passwords, unlock accounts, and keep people working. That helpful nature, however, is exactly what social engineers exploit.

  1. The human element: Staff are trained to be polite, fast, and customer-focused — not suspicious.
  2. Pressure tactics: Attackers pose as senior leaders under “urgent” time constraints.
  3. Procedural gaps: Many desks still rely on weak “identity verification” — like matching an email address or answering a single security question.
  4. Complex ecosystems: With outsourced IT, cloud services, and hybrid environments, service-desk staff often lack visibility across systems, making it harder to validate real users.

The result? A phone call and a plausible story can sometimes achieve what weeks of technical intrusion cannot.

The Missing Layer: Strong Identity Verification Tools

Organizations cannot "patch" people, but they can patch the processes that protect them. This is where modern identity verification tools bridge the gap between human error and digital security.

Best-in-class solutions for Workforce Identity Verification go beyond simple questions. They combine multi-factor authentication (MFA), behavioral analytics, and dynamic contextual data to mathematically prove that a request is legitimate.

FastPass Identity Verification Manager (IVM) is a prime example of this specialized defense. Designed specifically for the service desk, it enforces a strict "verify-first" workflow. Agents are physically blocked from resetting passwords in Active Directory or Entra ID until the caller passes a dynamic, score-based verification challenge. Even if a social engineer sounds convincing, they cannot bypass the system’s enforced multi-factor checks.

When used correctly, these systems transform the helpdesk from your organization’s softest target into a hardened security checkpoint.

Evaluating the Best Identity Verification Software in 2026

As attacks rise, enterprises are rigorously reviewing their security stacks. The most critical step in evaluating software for 2026 is understanding the difference in verification categories:

  • Customer Verification (KYC): Do you need to verify a stranger, citizen, or client? You need a KYC (Know Your Customer) solution that scans government IDs and documents.
  • Workforce Identity Verification (IDV): Do you need to verify a known employee to restore productivity? You need a Workforce IDV solution that leverages existing internal data for speed and security.

If your focus is protecting your workforce, prioritize these six capabilities:

  • Omnichannel Support: Verifies users seamlessly across phone, chat, and web portals.
  • Deep Directory Integration: Connects natively with Active Directory, Entra ID, and hybrid environments.
  • ITSM Productivity: Integrates directly into service management platforms like ServiceNow.
  • Automated Compliance: Generates an unalterable audit trail for every credential action.
  • User Experience: Balances high security with a friction-free experience for legitimate employees.
  • Dynamic Security Controls: Enforces MFA and validates device health in real-time.

The best software doesn’t just verify identities—it insulates your brand from the devastating costs of insider impersonation and social engineering.
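To make the "verify-first" workflow and the unalterable audit trail concrete, here is an added example (not FastPass's or any vendor's code) of a reset gate that refuses to reach the reset action until a score-based check passes, and that hash-chains every decision so a tampered record is detectable. The evidence factors, weights and thresholds are assumptions chosen for illustration.

```python
"""Constructed model of a verify-first password-reset gate with a
hash-chained audit trail. Weights/thresholds are assumptions, not a
real product's scoring logic."""
import hashlib
import json
from dataclasses import dataclass, field

# Assumed evidence weights: each factor the caller completes adds points.
WEIGHTS = {"mfa_push": 50, "managed_device": 25,
           "ticket_from_known_number": 15, "manager_confirmed": 30}
THRESHOLD_STANDARD = 60
THRESHOLD_PRIVILEGED = 100   # admin accounts need more evidence


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)
    last_hash: str = "0" * 64

    def append(self, event):
        # Chain each entry to the previous hash so editing any record
        # invalidates every later hash.
        payload = json.dumps(event, sort_keys=True)
        h = hashlib.sha256((self.last_hash + payload).encode()).hexdigest()
        self.entries.append({"event": event, "hash": h, "prev": self.last_hash})
        self.last_hash = h

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            payload = json.dumps(e["event"], sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256((prev + payload).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True


def score(evidence):
    return sum(WEIGHTS[f] for f in evidence if f in WEIGHTS)


def request_reset(agent, account, privileged, evidence, log):
    """Return True only if the caller's verification score meets the bar;
    the agent never reaches the reset step otherwise."""
    s = score(evidence)
    needed = THRESHOLD_PRIVILEGED if privileged else THRESHOLD_STANDARD
    allowed = s >= needed
    log.append({"agent": agent, "account": account, "privileged": privileged,
                "evidence": sorted(evidence), "score": s, "needed": needed,
                "decision": "RESET" if allowed else "DENIED"})
    return allowed
```

A caller who claims to be an "urgent" senior manager but only produces a recognised phone number scores 15 and is denied for an admin account, while an MFA push plus a managed device (75 points) clears the standard bar.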

Lessons for every UK enterprise

The takeaway from M&S, Harrods, Co-op, and JLR is brutally simple: your next breach may start with a phone call.

Cybercriminals don’t need ransomware or exploits when they can charm a helpdesk operator into giving them access. Strong firewalls, SIEMs, and endpoint protection mean little if identity verification fails at the first human interaction.

As attackers refine vishing tactics using AI-generated voices and deepfakes, service-desk authentication needs to evolve just as fast.

How to defend your service desk

  1. Deploy workforce identity verification software that automates user authentication using MFA, tokens, and corporate data checks.
  2. Simulate attacks (ethical vishing exercises) to measure readiness.
  3. Remove privileged rights from service-desk agents: allow credential resets only through validation tools like FastPass, reducing reliance on human judgment in credential recovery.
  4. Segment networks to ensure stolen credentials can’t easily pivot across systems.

The bottom line

The breaches at some of Britain’s best-known brands are a wake-up call: the service desk has become the weakest link in modern cybersecurity.

Attackers no longer need to hack — they just need to talk.
Defending against that requires more than policy; it demands technology-backed identity verification that’s fast, reliable, and impossible to fake.

In 2026, the winners won’t just have the best firewalls — they’ll have the best identity verification software standing between their people and the next breach.
