Introduction
The Co-operative Group (Co-op) recently faced a series of hacking attempts targeting its IT infrastructure, leading to precautionary measures to protect its systems. This incident highlights the ongoing cybersecurity challenges faced by major UK retailers and underscores the importance of robust security strategies.
Description
The Co-operative Group (Co-op) confirmed that it experienced ongoing hacking attempts targeting its IT infrastructure, prompting the organization to shut down several back-office and call center systems as a precautionary measure. While these proactive actions had a minor impact on certain internal services, all retail operations [4] [7] [8], including grocery stores [1] [10] [11], funeral homes [2] [3] [4] [7] [9] [10] [11], and quick commerce services [4], continued to function normally [2] [5] [8]. Customer-facing services [6] [9], including retail locations and deliveries [6], remained largely unaffected [9]. The company expressed gratitude to its staff and customers for their patience while it works to minimize service disruption and assured customers that no changes are required from them at this time. In a letter to staff [9], Co-op stated that these measures were taken to enhance security and contain the threat, resulting in limited disruptions [6] [8]. A spokesperson emphasized that there was no evidence of compromised customer information and expressed appreciation for those affected by the disruption.
Cybersecurity experts praised Co-op’s effective containment strategy, noting that disabling potentially compromised systems is a critical step in incident management, as it helps prevent attackers from moving laterally within the network [8]. Dray Agha [8], a senior manager of security operations at Huntress [8], commended Co-op’s swift action [8], highlighting that such measures [8], while disruptive [8], are often necessary to contain threats [8]. The company has not disclosed specific details about the nature of the attempted attack [9], including the initial attack vector or whether it involved data theft or ransomware, but assured that the situation has been contained to back-end systems [9].
In contrast [5], Scott Dawson [3] [5], CEO of DECTA [5], criticized the lack of resilience in retail systems [3], noting that the attack exposed significant weaknesses and called for businesses to adopt proactive resilience engineering in their IT strategies [3]. He warned that without standardized metrics and fail-safe recovery plans [3], retailers risk jeopardizing their operations and customer relationships [3]. This incident reflects a growing trend of cybersecurity challenges faced by major UK retailers in 2025 [9].
Meanwhile [10], the Metropolitan Police are investigating a separate cyber attack that has affected Marks and Spencer (M&S) [10], disrupting online orders and contactless payments [10], although it remains unclear if the incidents involving Co-op and M&S are connected [10]. The recent ransomware attack on M&S [7], linked to the hacker group Scattered Spider [1], resulted in significant operational disruptions [1], including issues with click-and-collect purchases and online orders [1], further emphasizing the importance of robust cybersecurity measures in the retail sector. Experts stress the need for other retailers to learn from both incidents to enhance their cybersecurity incident response plans [8], as the retail sector faces some of the highest initial ransomware demands [8], underscoring the necessity for preparedness to mitigate potential impacts from future cyber threats [8]. Co-op has committed to transparency as the situation develops and has advised the public to remain vigilant against phishing attempts that may impersonate the company or other retailers [4].
Conclusion
The Co-op’s response to the hacking attempts demonstrates the critical importance of swift and effective incident management in mitigating cyber threats. While the company successfully contained the threat, the incident serves as a reminder of the vulnerabilities within retail IT systems. It underscores the need for businesses to adopt comprehensive cybersecurity strategies, including resilience engineering and robust incident response plans, to safeguard operations and maintain customer trust. As cyber threats continue to evolve, retailers must remain vigilant and proactive in their security measures to protect against future attacks.
References
[1] https://inews.co.uk/news/co-op-shuts-down-it-system-over-hack-attempt-days-after-ms-cyberattack-3668351
[2] https://www.bbc.com/news/articles/c3wx092exlzo
[3] https://businesscloud.co.uk/news/co-op-latest-retail-giant-to-suffer-cyber-attack-after-ms/
[4] https://cyberinsider.com/co-op-food-supermarket-chain-hit-by-disruptive-cyberattack/
[5] https://www.infosecurity-magazine.com/news/co-op-confirms-hack-small-impact/
[6] https://www.insurancebusinessmag.com/uk/news/cyber/coop-cyber-incident-triggers-it-shutdown-533910.aspx
[7] https://www.techradar.com/pro/security/co-op-fending-off-hackers-by-shutting-down-it-systems
[8] https://www.computerweekly.com/news/366623455/Co-op-shuts-off-IT-systems-to-contain-cyber-attack
[9] https://www.gbnews.com/money/coop-cyber-attack-it-systems-marksandspencer
[10] https://www.gazette-news.co.uk/news/25128830.co-op-forced-shut-system-cyber-attack/
[11] https://www.inkl.com/news/co-op-shuts-off-parts-of-it-systems-after-attempted-hack
