Co-op Shuts Down IT Systems After Attempted Hack

Uploaded on 2025-05-01 in TECHNOLOGY--Hackers, FREE TO VIEW

The Co-op has become the latest major retailer to shut down part of its IT system after discovering an attempted hack only days after Marks & Spencer's serious shut-downs.  

The Co-op, which is the UK's fifth biggest food retailer, owns more than 7,000 stores, said the measures to protect its systems included the shutdown of some business services for teams running stores and its legal services division.

The Co-op’s grocery stores are currently introducing technology including electronic shelf-edge pricing to save labour hours in stores and is expanding its fast-track online grocery deliveries.

The Co-op said all its stores, including rapid home deliveries, were trading as usual, as were its funeral homes.
The attempted attack on its IT systems comes after the business said technology would play an important role in keeping down costs and tackling shoplifting.

The stock monitoring system is understood to be one of those affected. One well-placed source said gaps could soon appear on shelves in some areas if the problem was not resolved fairly swiftly. Some staff would not be able to work from home from Wednesday 30th April after remote access to some systems was blocked.

The National Cyber Security Centre (NCSC) said it was working with the Co-op in response to a the cyber incident. It is also working with M&S and is expected to examine any potential links.

One source said the shutdown had led to the closure of virtual desktops across the business, which was affecting a number of behind-the-scenes operations that required head office support, including updates on stock.
The problems emerged as M&S continues to battle major problems caused by a cyber incident that has been connected to Scattered Spider hacking group.   

Retailers and their suppliers have faced a series of cyber-attacks in recent years including Morrisons, which was affected by an incident at its tech supplier Blue Yonder in the run-up to Christmas last year.

In expert comment, Tim Grieveson, CSO & EVP Information Security at ThingsRecon, said "The attempted hack affecting Co-op follows a week of high-profile cyber incidents impacting UK retailers. This attempt should not go unnoticed and the swift incident response from the Co-op should be an example for all organisations to follow, not just those in the industry."
 
“While details are still emerging, this event shows the need for proactive resilience and robust cybersecurity measures. Businesses must move forward with layered security defenses, regular employee training, and comprehensive incident response plans to mitigate major disruption caused by such attacks...

Additional measures such as mapping out potential entry points by understanding the extent of your supply chain will reduce exposures and minimise the likelihood of cyber incidents in the first place.” Grievson concluded.

In 2023, WH Smith was attacked in which company data was accessed illegally, including the personal details of current and former employees. The latest Cyber Security Breaches Survey, published by the government earlier this month, showed that four in 10 businesses were affected by a cyber attack in the last year. 

Bloomberg   |   Guardian   |   STV   |   BBC   |   MSN   |  Independent 

Image: @coopuk

You Might Also Read: 

Enterprise Cybersecurity Today: A Vast Landscape To Secure:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Attack On M&S Reverberates Three Weeks Later
Mastering Security In An Era Of Regulatory Shifts »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

Innovative Solutions (IS)

Innovative Solutions (IS)

Innovative Solutions is a specialized professional services company delivering Information Security products and solutions for Saudi Arabia and the Gulf region.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

Cybil

Cybil

Cybil is a publicly-available portal where members of the international cyber capacity building community can find and share information to support the design and delivery of programs and projects.

senhasegura

senhasegura

senhasegura is a global Privileged Access Management vendor. Our mission is to eliminate privilege abuse in organizations around the globe and build digital sovereignty.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

Ibento Global

Ibento Global

Ibento organises the CyberX series of cybersecurity conferences.

Acronis

Acronis

At Acronis, we protect the data, applications, systems and productivity of every organization – safeguarding them against cyberattacks, hardware failures, natural disasters and human errors.

CyberTest

CyberTest

CyberTest offers cybersecurity consulting and penetration testing services that helps organizations and businesses securing their assets.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.

LeakSignal

LeakSignal

At LeakSignal, we transform the way you monitor and protect your data. We provide unparalleled visibility and control over your sensitive data flows.

Blaze Networks

Blaze Networks

Blaze are a security-focused Managed Services Provider delivering communications and IT services to businesses across the UK.