The Co-op Group has temporarily shut down sections of its IT systems in response to an attempted cyber attack, the company confirmed this week. The move was described as a “proactive measure” to prevent unauthorised access and has resulted in limited disruption to its back office and call centre operations.
Despite the incident, a Co-op spokesperson said that its 2,500 supermarkets and 800 funeral homes across the UK remain open and are operating normally. The company also supplies food to Nisa stores and reassured customers that they do not need to take any action at this time.
“We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period,” the spokesperson added.
The attempted breach at Co-op coincides with an ongoing cyber attack at Marks & Spencer (M&S), which has significantly impacted the high street retailer’s operations for over a week. The Metropolitan Police has launched an investigation into the M&S incident, confirming that detectives from its cyber crime unit are involved.
“There is currently no indication that the incidents at Co-op and M&S are connected,” a police spokesperson stated.
M&S is facing continued disruption to its digital services, with its online ordering system down and shelves in some stores reportedly empty. The company has yet to confirm the cause of the attack or provide a timeline for full recovery.
Cyber security experts believe the M&S breach may involve a ransomware group known as DragonForce. Ransomware is a form of malicious software that encrypts data and locks users out of systems until a ransom is paid to the attackers.
Ciaran Martin, founding Chief Executive of the National Cyber Security Centre (NCSC), described the M&S incident as a “serious” attack with significant operational consequences. Speaking on BBC Radio 4’s Today programme, he said: “It is a highly disruptive event and a very difficult one for them to deal with.”
The Co-op has not disclosed whether its decision to take IT systems offline was influenced by the M&S breach. However, Daniel Card, a cyber expert at BCS, the Chartered Institute for IT, told the BBC that such action is uncommon and could suggest a concerning level of risk.
“It’s very rare for a company to shut down systems entirely unless there’s a loss of control or serious threat,” Card explained.
Scott Dawson, head of payment processing firm Decta, echoed the concerns, stating that the hacking attempt “exposed alarming vulnerabilities” within retail IT infrastructure. “Retailers can no longer afford to treat resilience as optional, especially as these incidents become more frequent,” he said.
The NCSC has confirmed it is working with M&S following the attack and is continuing to advise UK businesses on cyber security measures. A spokesperson for the organisation said: “The NCSC routinely engages with a range of organisations about the cyber threats that the UK faces and regularly reminds them about the steps they can take to be as resilient as possible.”
The recent events follow a previous hacking incident involving Morrisons in December 2024, indicating a possible trend of increased targeting of UK supermarket chains by cyber criminals.
While investigations continue, both companies have urged patience from customers and staff as efforts to secure their systems progress. Retailers and other businesses are being urged to enhance their cyber defences and remain vigilant as attacks grow more sophisticated and damaging.
The incident occurred on the same day Labour leader Sir Keir Starmer addressed the audience at London Tech WeekGetty Images