Retailers are increasingly targeted by cyber criminals, putting vast amounts of customer data at risk, including personal information and payment details.
Not only can operational disruption from ransomware halt sales and cause financial loss, but cyber attacks can also damage brand reputation, leading to reduced loyalty and lost revenue.
After an attempted hack at the weekend, staff at the Co-op have been told they cannot access the company’s IT systems.
The internal email, which stressed that workers must “remain vigilant”, was first seen and reported by ITV News.
IT teams are at work across the Co-op’s systems.
This incident comes shortly after M&S experienced a significant cyber incident, which resulted in lost sales, a drop in shares and empty shelves in stores.
It is not known yet whether M&S’s cyber incident is related to the attempted hack that the Co-op is experiencing.
Spencer Young, SVP EMEA, Delinea, explains: “This week has seen cyberattacks affect two major UK retailers - and the quick succession of impact is concerning. The disruption caused by the attack on M&S, and now the Co-op, is significant.
“Attackers are reminding us that IT infrastructure remains vulnerable, especially if businesses fail to assess cyber risks and monitor access.
“Despite identity and credentials security growing in importance, there are still significant vulnerabilities that organisations need to address – particularly when it comes to remote.”
What do we know about the Co-op’s cyber attack?
The Co-op first discovered this attempted hack last weekend.
Now, the retailer has prevented entry to parts of its IT system to staff working from home to prevent the spread of damage.
According to ITV News, in a letter sent to the Co-op’s staff on Wednesday morning (30 April), the Co-op’s Chief Digital and Information Officer, Rob Elsey, said: “We’re currently dealing with an IT issue after our security controls and monitoring flagged third parties had made attempts to access our IT systems over the weekend."
He continued to explain to staff that they must not record or transcribe Microsoft Teams calls and be aware of any suspicious links or emails. Staff must also be on camera during all calls and not post any sensitive information into Teams chats.
If staff need to access work systems and tools, they are being told to go to a Co-op location.
Arda Büyükkaya, Senior Threat Intelligence Analyst at EclecticIQ, explains: “The cyberattack affecting the Co-op, which has forced the retailer to shut down parts of its IT system, is a stark reminder of how quickly cyber incidents can escalate and ripple through the sector.
“While possible links to the recent M&S breach are still under investigation, it’s clear that attackers are increasingly opportunistic, exploiting vulnerabilities across interconnected supply chains and systems.
Chief Security Officer & EVP Information Security, Tim Grieveson at ThingsRecon, adds: "The attempted hack affecting Co-op follows a week of high-profile cyber incidents impacting UK retailers.
This attempt should not go unnoticed and the swift incident response from the Co-op should be an example for all organisations to follow, not just those in the industry.
M&S’s cyber incident
The attempted cyber hack on the Co-op comes after M&S continues to handle its large cyber incident.
M&S confirmed it was experiencing a ‘cyber incident’ on 22 April after customers experienced challenges with click-and-collect services and contactless payments throughout Easter Weekend.
On 23 April, M&S stated it was not “currently processing contactless payments, we have paused the collection of Click & Collect orders in stores, and there may be some delay to online order delivery times.”
It ceased orders on its websites and apps on 25 April and, according to Sky News, told around 200 agency workers on 28 April not to come to work at M&S’s Castle Donington logistics centre for homewares and clothing.
According to sources from BleepingComputer, Scattered Spider is said to be responsible for M&S’s ongoing cyber incident.
We also know that the disruption is due to a ransomware attack.
Over half a billion pounds has dropped from the retailer’s value since the incident began and its share price has fallen by 6.5%.
Across stores, empty shelves still say "Please bear with us while we fix some technical issues affecting product availability."
The impact on the cybersecurity industry
The recent cyber incidents affecting both the Co-op and M&S are likely to accelerate investment in cybersecurity solutions by retailers, especially those who have underinvested in digital defences.
Regulators may respond with stricter compliance requirements, especially around third-party accountability and consumer data protection, driving demand for governance, risk and compliance (GRC) tools.
Both breaches will remind employees and organisations of the importance of cybersecurity awareness and training, prompting executives to invest in training platforms and consultancies.
Chris Burton, Head of Professional Services at Pentest People, explains: “It’s too early to know exactly what happened at Co-op, but from what’s been shared so far, it looks like there was an attempted intrusion, and in response, they shut down parts of their system. That kind of quick action suggests a preventative approach rather than a reaction to confirmed damage.
“Given the recent cyberattack on M&S, it wouldn’t be surprising if retailers are now on high alert. There’s likely a sense of “better safe than sorry” across the sector.”
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand
