Social Media, Shoplifting and Cybercrime

According to figures published in the ONS Crime Survey on 19 October, the rate of shop theft in the UK increased by 25 percent in the year ending June 2023.  The Association of Convenience Stores (ACS), meanwhile, reported more than 1.1m instance of theft in 2022, with many carried out by organised gangs.

Shoplifting can also of course be the work of people addicted to drugs or alcohol, opportunistic thieves, or due to poverty: the cost-of-living crisis is frequently cited as one reason for the uptick in incidents.

However, in recent months reports of widescale looting have emerged, with gangs of youths rampaging through the streets in popular shopping areas. One such example, seen in August, involved large groups of young people massing together to target JD Sports and other retail stores in Oxford Street, London. This and other such events were heavily promoted in videos on TikTok and other platforms, demonstrating how social media can serve as a vehicle for the organisation of violent disorder and law-breaking. In one video for the “Oxford Circus JD robbery”, prospective looters were urged to follow the “dress code” of balaclavas and gloves, and the following warning was posted: “Don’t come if you can’t run. Don’t bring any weapons.”

Incidents such as these have not only been seen in the UK. Also in August, gangs escaped with $100,000 worth of goods stolen from a Nordstrom outlet in Los Angeles, while the Yves Saint Laurent store in Glendale, California lost merchandise worth $300,000. Such attacks were again believed to have been largely organised on social media. 

TikTok denied responsibility for the Oxford Street campaign. Nevertheless, Donna Jones, the chair of the Association of Police and Crime Commissioners (APCC), called on the platform to mount a thorough investigation into the incident. “If I was a person in charge of governance of TikTok at the moment, I would be running an investigation to find out what has happened, particularly as there are very well known social media influencers on that particular social media channel who are linked directly to what happened in Oxford Street.”

Politicians have responded to these worrying increases in theft and disorder in predictable ways. Home Secretary Suella Braverman said those responsible for the riot should be “hunted down and locked up“. Speaking for the opposition, Yvette Cooper pledged to introduce 13,000 more police officers, and to end the current government’s rule which lets off shoplifting gangs for repeat thefts of less than £200.  

Facial recognition technology

In London, the Metropolitan Police has begun using facial recognition technology, something which Commissioner Sir Mark Rowley has described as “game-changing”. The technology takes only a minute to match CCTV pictures of shoplifting suspects with those held by the police. A government minister has proposed expanding this further by using passport photos alongside law enforcement databases: this suggestion has come under sustained criticism from privacy campaigners.

In a similar initiative, ten of the largest UK retailers have launched Project Pegasus, under which police will run CCTV pictures of shoplifting incidents provided by the retailers via the Police National Database.

However, the use of facial recognition technology is not new. In 2020 it was deployed in 18 branches of the Co-op in the south of England to scan people entering stores in an aim to reduce theft and antisocial behaviour. At the time, the Court of Appeal ruled that its use was unlawful in various ways.


The retail industry is currently facing its most challenging time of the year. As well as having to respond to the increase in physical instances of shoplifting, Black Friday, Cyber Monday and Christmas are fast approaching, posing a range of online threats as cybercriminals take the opportunity to target businesses during the holiday period. These attacks can range from simple phishing campaigns designed to lure busy employees into clicking on links which will lead to malicious malware being downloaded, through to ransomware attacks aiming to encrypt all data held and possibly leading to a complete halt in business.

Credit card skimming is a particularly popular tactic. Vulnerabilities and weaknesses in Magento, Shopify, WooCommerce, WordPress and other such platforms used by the retail industry are exploited to compromise websites with malicious skimming code, with threat groups such as those operating under the name of Magecart all using similar techniques to steal shoppers’ card data, which will then be sold on various darknet carding sites.   

On the high street, retailers share information when groups of thieves are in the vicinity. These companies should take the same proactive stance when it comes to cyber-attacks: if they identify attempts to breach their websites or if they suffer a ransomware attack or other data compromise, they should warn similar businesses immediately.

Customers also have a responsibility to understand how they can protect their own security online, including such basics as using different passwords across accounts, and making efforts to recognise fake websites, phishing emails or Facebook scams. If something looks too good to be true, the chances are it is. 

Scroll to Top