UK retailer the Co-op has temporarily shut down parts of its IT system after identifying an attempted cyber attack just days after Marks and Spencer reported its own breach. In a letter seen by The Guardian, staff were informed that the group had “taken steps to keep systems safe” and had therefore “pre-emptively withdrawn access […]
UK retailer the Co-op has temporarily shut down parts of its IT system after identifying an attempted cyber attack just days after Marks and Spencer reported its own breach.
In a letter seen by The Guardian, staff were informed that the group had “taken steps to keep systems safe” and had therefore “pre-emptively withdrawn access to some systems for the moment,” including its call centre and back office.
The Co-op operates more than 2,500 supermarkets across the UK, in addition to 800 funeral homes, and also supplies food to Nisa convenience stores.
According to a spokesperson, shops and funeral homes continued to operate as normal following the incident.
“We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period,” they said.
“We are not asking our members or customers to do anything different at this point.”
In the message to staff, the Co-op stated that protecting its systems is of “paramount importance”, referencing “the recent issues surrounding M&S and the cyber-attack they have experienced”, though it did not clarify whether the attempted breach was identified as a result of the M&S cyberattack last week.
Industry response
Cybersecurity professionals have viewed Co-op’s reaction as swift and appropriate, noting the continued vulnerability of large retailers with complex digital infrastructures.
“The Co-op’s swift action to pre-emptively disable access to key systems reflects a mature, proactive incident response posture,” said Dray Agha, senior manager of security operations at Huntress.
“Shutting down virtual desktops and limiting backend functions, while disruptive, is often a necessary measure to contain threats before they escalate into full-scale breaches.”
Adam Casey, director of cybersecurity and CISO at Qodea, added: “Large retailers have intricate IT infrastructures with numerous interconnected systems, resulting in a high number of potential entry points for attackers.
“Shutting down affected systems is a standard and crucial step in managing a significant cyber incident. Isolating compromised systems limits the attacker’s ability to move laterally within the network and infect other critical infrastructure.
“Drawing operations to a halt also allows cybersecurity experts to safely analyse the affected systems, identify the root cause, and implement necessary fixes without the risk of further interference.”
Scott Dawson, CEO of DECTA, said that the incident highlights that businesses need to move from reactive patchwork to proactive resilience “engineering architected into every layer of IT strategy, or retailers will continue to pay the price.”
“Only then can retailers protect revenue streams, reputations and the trust of the millions who rely on them.”
M&S
The incident comes as UK food and clothing retailer M&S continues to face disruption to some of its customer-facing systems following a cyber attack last week.
The attack took its click-and-collect services and contactless payments offline, with shoppers still unable to access these features.
The retailer has lost a suspected £700m since the incident.
