The Co-op has been forced to shut down parts of its IT system after discovering an attempted hack only days after Marks & Spencer faced a serious cyber-incident.
In a letter to staff sent on Tuesday and seen by the Guardian, the mutual said it had “taken steps to keep systems safe” so had “pre-emptively withdrawn access to some systems for the moment”.
The group, which owns more than 2,000 grocery stores and over 800 funeral parlours as well as legal and financial services businesses, said the measures to protect its systems included the shutdown of some business services for teams running stores and its legal services division.
The stock monitoring system is understood to be one of those affected. One well-placed source said gaps could soon appear on shelves in some areas if the problem was not resolved fairly swiftly.
Some staff would not be able to work from home from Wednesday after remote access to some systems was blocked, the same source said.
The Co-op said all its stores, including rapid home deliveries, were trading as usual, as were its funeral homes.
The National Cyber Security Centre said it was “working with the Co-operative Group to support their response to a cyber incident”. It is understood to be working with M&S as well to fully understand the nature of both incidents, and is expected to examine any potential links.
Marijus Briedis, the chief technology officer at NordVPN, part of the cybersecurity software maker Nord Security, said it was unlikely to be a coincidence that two retailers had been targeted.
“In the space of just one week, we’ve seen two of Britain’s biggest retailers face a cyber-attack, which is a worrying sign of the direction that hackers are taking. They are not just after sensitive company information, they want customer data too,” he said.
A Co-op spokesperson said: “We have recently experienced attempts to gain unauthorised access to some of our systems.
“As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.
“We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.”
The Co-op said it was “not asking our members or customers to do anything differently at this point”, indicating that it is does not believe customer data has been accessed. It added: “We will continue to provide updates as necessary.”
One source said the shutdown had led to the closure of virtual desktops across the business, which was affecting a number of behind-the-scenes operations that required head office support, including updates on stock.
The problems emerged as M&S continues to battle major problems caused by a cyber incident that has been linked to the hacking collective Scattered Spider.
The Co-op did not say whether it had detected the attempts to attack its systems as a result of extra checks in the light of the M&S incident. However, it did tell staff that “protecting our systems is of paramount importance”, referring to “the recent issues surrounding M&S and the cyber-attack they have experienced”.
The attempted attack on its IT systems comes after the business said technology would play an important role in keeping down costs and tackling shoplifting.
The Co-op’s grocery stores are currently introducing technology including electronic shelf-edge pricing to save labour hours in stores and is expanding its fast-track online grocery deliveries.
Retailers and their suppliers have faced a series of cyber-attacks in recent years including Morrisons, which was affected by an incident at its tech supplier Blue Yonder in the run-up to Christmas last year.
In 2023, WH Smith was hit by an attack in which company data was accessed illegally, including the personal details of current and former employees. That came less than a year after a cyber-attack on WH Smith’s Funky Pigeon website forced it to stop taking orders for about a week.
