Co-op, the retailer has revealed it was forced to proactively shut down parts of its IT system following an attempted cyber attack.
The mutual confirmed the security measure in a staff letter issued on Tuesday, stating the move was taken to “keep systems safe” by “pre-emptively withdraw[ing] access to some systems for the moment.”
The Co-op, which operates over 2,000 grocery stores, more than 800 funeral parlours, and legal and financial services, clarified that the precautionary shutdown has impacted some back-office functions and its legal services division. Crucially, the retailer assured the public that all its stores, including rapid home delivery services and its funeral homes continue to trade as usual.
A company spokesperson acknowledged the attempted unauthorised access, stating: “As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.” The Co-op is actively working to minimise disruption and thanked colleagues, members, partners, and suppliers for their understanding.
Reassuring customers, the Co-op indicated it does not believe customer data has been compromised and stated there was no need for members or customers to take any action at this time. The company pledged to provide further updates as necessary.
Sources indicate the shutdown has led to the closure of virtual desktops across the business, affecting various behind-the-scenes operations reliant on head office support, including stock updates.
The timing of this attempted attack is particularly sensitive, taking place as M&S grapples with the fallout from a major cyber incident reportedly linked to the hacking collective Scattered Spider.
This incident underscores the increasing vulnerability of the retail sector to cyber threats. The Co-op’s recent focus on technology to reduce costs and combat shoplifting (see feature below), including the introduction of electronic shelf-edge pricing and expanded online grocery deliveries, highlights the growing reliance on digital infrastructure within the business.
“It is unlikely to be a coincidence that retailers are the target here. Businesses both large and small need to do more to enhance their cybersecurity by investing in advanced threat detection, conducting regular security audits, and encouraging all staff to be aware of the warning signs.
“According to the British Retail Consortium’s latest Crime Survey, a majority of UK retailers have experienced a rise in cyberattacks, with many reporting consistent year-on-year increases over the past decade.
“In the short term, customers may face delayed transactions, in-store or online outages, reduced availability of products, or confusion around loyalty schemes, such as vouchers and charity donations, which the Co-op is famous for among members.
“More significantly, these attacks can expose sensitive customer data — including payment information, contact details, and purchase histories — depending on which systems are compromised.
Although Co-op has not reported a data breach at this stage, the reputational damage and erosion of trust can be long-lasting if customer data is ever leaked or ransomed.”
