The Co-operative Group has shut down parts of its IT infrastructure following a cybersecurity incident, underscoring the growing digital vulnerability within the UK’s retail sector.
The retail and services group, which operates over 2,000 food stores and provides insurance and funeral services, disclosed that it had detected an attempt to breach its IT systems. As a precaution, access to certain platforms was temporarily suspended to contain the threat.
In a communication to employees, the company said the action was intended to safeguard critical systems.
A spokesperson for Co-op confirmed the attempted intrusion and said the company had acted promptly to limit its impact.
“We have recently experienced attempts to gain unauthorised access to some of our systems. As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services, the spokesperson said, as reported by The Times. “We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners, and suppliers for their understanding during this period.”
Co-op reported that customer-facing operations, including retail locations and deliveries, were unaffected. It also stated that there was no evidence to suggest that customer information had been compromised.
According to The Guardian, the shutdown impacted employees’ ability to access virtual desktop environments, which in turn affected processes such as inventory tracking.
The Co-op breach follows a more severe disruption at Marks & Spencer, which suffered a cyberattack earlier this month.
That attack temporarily halted online ordering, caused contactless payment issues, and forced operational changes at distribution hubs. Nearly 200 agency staff at an M&S site in Leicestershire were sent home due to decreased order volume.
While M&S has not attributed the breach to a specific vulnerability, experts suggest remote access may have played a role.
“In hybrid environments, once a single weak device is compromised, the attacker can move rapidly through connected systems,” said Paul Walker, a cyber specialist at Forcientia. “The reality is that many companies don’t yet have full visibility over every endpoint in a hybrid setup.”
In response, M&S reportedly restricted access to virtual private networks (VPNs) used by remote employees.
The attack on M&S, suspected to involve the hacking collective known as Scattered Spider, reportedly targeted backend infrastructure and may have included the deployment of encryptors on virtual machines.
The company has notified the Information Commissioner’s Office and is working with the National Cyber Security Centre. It has also enlisted support from Microsoft, CrowdStrike, and Fenix24.
