Co-op Thwarts Cyber Attack Days After M&S Security Breach

Co-op has shut down portions of its IT infrastructure after detecting an attempted hack, coming just days after Marks & Spencer fell victim to a similar cyber assault. The timing raises questions about a potential coordinated campaign against British retailers.

The member-owned mutual took swift defensive action, notifying staff it had "taken steps to keep systems safe" and "pre-emptively withdrawn access to some systems for the moment."

Impact was limited to back-office operations and select teams managing supermarkets and legal services. Despite these measures, all customer-facing operations remained functional.

"All our stores (including quick commerce operations) and funeral homes are trading as usual," a Co-op spokesperson confirmed.

As the UK's fifth largest food retailer, Co-op's footprint extends across more than 2,500 grocery stores and 800 funeral parlours. The group also maintains diverse business interests including general insurance, legal services, a minority stake in The Co-operative Bank, and a travel joint venture with Thomas Cook.

"We have recently experienced attempts to gain unauthorised access to some of our systems," the Co-op spokesperson explained. "As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services."

The company emphasised customer continuity: "We are not asking our members or customers to do anything differently at this point. We will continue to provide updates as necessary."

This incident follows closely behind the severe IT meltdown at M&S, which prompted an investigation by the Metropolitan Police's cybercrime unit. That attack, reportedly orchestrated by a group known as Scattered Spider, has disrupted M&S operations for over a week.

Scattered Spider, allegedly comprising around 1,000 primarily British and American young men, has built a reputation for targeting major corporations. Industry sources report such criminal organisations typically demand ransoms reaching £10 million to restore system access.

Law enforcement response has been substantial, with detectives collaborating with the National Cyber Security Centre and the Information Commissioner's Office to investigate the M&S breach.

According to trade publication Bleeping Computer, "multiple sources" suggest Scattered Spider may have infiltrated M&S servers as early as February before executing their attack during Easter weekend.

The attack forced M&S to suspend its click and collect service, which continues to face disruptions.