The Co-op had to shut down parts of its IT system after discovering an attempted hack just days after Marks & Spencer faced a cyber attack, it was revealed today.
The member-owned mutual told staff it had ‘taken steps to keep systems safe’ and therefore had ‘pre-emptively withdrawn access to some systems for the moment’.
The group shut down some services for teams running supermarkets and its legal division – but all stores, deliveries and funeral homes continued trading as usual.
Co-op, which is the UK’s fifth biggest food retailer, owns more than 2,500 grocery stores and more than 800 funeral parlours.
It also owns a general insurance and legal services business, and has a minority shareholding in The Co-operative Bank.
Alongside this, Co-op has a joint-venture travel business with Thomas Cook.
A spokesperson for the Co-op said: ‘We have recently experienced attempts to gain unauthorised access to some of our systems.
‘As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.
‘All our stores (including quick commerce operations) and funeral homes are trading as usual.
‘We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.
‘We are not asking our members or customers to do anything differently at this point.
‘We will continue to provide updates as necessary.’
The attempted hack comes just days after Metropolitan Police’s cybercrime unit were called in to probe a devastating IT meltdown at M&S.
A shadowy group operating under the name Scattered Spider was said to be behind the attack, which has crippled the retailer for more than a week.
The collective, thought to be made up of 1,000 mainly British and American youths and young men, has already gained global notoriety for a slew of attacks on major brands, with a cyber security expert warning it poses a ‘sophisticated threat’.
Such criminal outfits typically demand up to £10million in ransom for returning full access to firms, say industry sources.
Detectives have been working alongside the National Cyber Security Centre and data watchdog the Information Commissioner’s Office (ICO).
Trade website Bleeping Computer said ‘multiple sources’ pointed to Scattered Spider having gained access to M&S’s servers as far back as February before putting their plan into action over Easter.
As a result M&S paused its click and collect service, where customers order items online for collection from a shop. These orders are still being hit.
The Co-op had to shut down parts of its IT system after discovering an attempted hack just days after Marks & Spencer faced a cyber attack, it was revealed today
