Co-op convenience stores around the country are still facing shortages and empty shelves three weeks after a crippling cyberattack saw customer and employee data stolen and parts of the IT system shut down.
While the Co-op group has stated the company is in a recovery phase to replenish shelves, in reality many stores are struggling with delayed or partial deliveries, with print-outs apologising to customers visible in-store.
So what happened to have such an impact on their stores and what’s the latest on when matters will be back to normal?
Another cyber attack
In early May, Co-op released a statement apologising to customers after their data was hacked, and noted a week ago that they were beginning to restock shops gradually.
A BBC report containing a message reportedly from the attackers said Co-op “yanked their own plug” to stop the hackers accessing any further data or from imposing ransomware in the system.
Co-op isn’t the only company to have been targeted by cyber-criminals in recent weeks. The ongoing struggles of Marks & Spencer are well-documented, with disruption to their online sales expected to cost the business around £300m. While M&S is a public listed company, and thus was relaying financial information to shareholders, Co-op is owned by its members and is not subject to the same reporting rules.
Luxury goods firm Dior, a supermarket distributor, food maker Arla and department store Harrods have all been similarly affected by cyberattacks.
It has been widely reported that the same group is thought to be behind the criminal attacks on Co-op, M&S and Harrods.
Shelves and supply chains
After initially prioritising deliveries to shops in rural areas, Co-op brought their internal systems back online to restart their ordering and supply chain processes.
As the empty shelves show, this isn’t yet back at full capacity.
At one London Co-op branch on Wednesday, fresh produce was mostly stocked, but among frozen and dried goods there were far more widespread empty shelves.
When questioned, a member of staff explained that they were expecting a delivery that afternoon - but that it would contain around a third fewer products than usual, speaking of 20 “cages” of food rather than the usual 30 they would expect to get.
There was no change to internal communications processes to order more products now, the employee said, and systems were working normally.
Separate to these issues, Co-op suffered an IT error at the start of May which saw some customers buy food at vastly discounted rates or even for free.
When will Co-op be back to normal?
The London store employee expected shelves would “be back to normal over the weekend”, after at least one further expected delivery later this week.
A spokesperson for Co-op said: “Following the malicious third-party cyber-attack, we took early and decisive action to restrict access to our systems in order to protect our Co-op.
“We are now in the recovery phase and are bringing our systems gradually back online in a safe and controlled manner. Stock availability across our stores has improved and we continue to work closely with our suppliers.”
No further detail beyond Co-op’s earlier message to customers was provided, nor any detail over the economic impact that the supply issues might have on the wider business.
While the behind-the-scenes impact on the IT side of the business will doubtless be a more long-term issue, for customers at least it appears Co-op shops are on the road to recovery.
M&S website down as cyber attack disruption continues
After crossing the border for better schools, some parents are pulling their kids and leaving the US
Channel 4 boss urges Ofcom to be ‘brave’ and back public service broadcasters
UK retailer Marks & Spencer puts cyberattack cost at $400 million with disruptions ongoing
