The Co-op has disabled certain parts of its IT systems due to an attempted hacking incident.
download - 2025-04-30T084335.019.jpeg
The company reported that the "proactive measures" taken to defend against the attack have resulted in a "minor impact" on its call center and back office operations. At the same time, the Metropolitan Police have confirmed they are investigating the significant cyber attack on rival retailer Marks & Spencer (M&S). "Detectives from the Met's cyber crime unit are currently looking into the matter," they stated.
It remains unclear if there is any connection between the two incidents. The Co-op operates over 2,500 supermarkets throughout the UK, along with 800 funeral homes, and supplies food to Nisa stores. A spokesperson revealed that both the supermarkets and funeral services continue to operate normally despite the hacking attempt. "We are diligently working to minimize any disruption to our services and appreciate the understanding of our colleagues, members, partners, and suppliers during this time," the spokesperson added. "At this moment, we are not asking our members or customers to take any different actions." This security incident surfaces as M&S navigates the second week of a cyber attack that has severely impacted its operations, leading to significant financial losses due to diminished sales. The retailer has not disclosed the specific issue that compromised its online ordering systems and resulted in empty shelves across its stores. Ciaran Martin, the founding CEO of the National Cyber Security Centre (NCSC), discussed the matter on BBC Radio 4's Today program, emphasizing the "serious" ramifications for M&S. "It's a highly disruptive event and presents substantial challenges for them," he remarked. Experts have suggested to the BBC that the cyber attack affecting M&S may be attributed to a ransomware variant called DragonForce. Ransomware is malicious software that locks users out of their systems and scrambles their data, with perpetrators demanding payment to restore access. It is unclear whether the Co-op's discovery of the hacking attempt was prompted by heightened security measures implemented after the cyber attack on its competitor. Daniel Card, a cybersecurity expert at BCS, the chartered institute for IT, noted that it's "very rare" for a company to take systems offline following an attempted hack. "Taking systems offline typically indicates a loss of control or a defensive move against a zero-day vulnerability for which no patch has been developed," he explained. A "zero day" refers to an unknown vulnerability in a computer system, making it susceptible to exploitation. Previous hacking incidents have also targeted supermarket chains, including a notable event affecting Morrisons in December 2024. Additionally, banks such as Barclays and Lloyds experienced outages earlier in 2025.