Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Following in the footsteps of UK retailer Marks & Spencer (M&S), a second major British retailer has suffered a cyber attack.
Co-op is a democratically member-owned food retailer based in the UK. In addition to its 2,300 good stores, it also provides legal, insurance and funeral care services.
Co-op Group disclosed the cyber attack on Wednesday (30 April), saying that it had detected unauthorised users attempting to access its systems.
“We have recently experienced attempts to gain unauthorised access to some of our systems. As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back-office and call centre services,” said a company spokesperson.
Co-op has not disclosed the nature of the incident but has said that other than disabling its back office and call centres, the business and its stores are operating as normal.
“All our stores – including quick commerce operations – and funeral homes are trading as usual. We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period,” said Co-op.
“We are not asking our members or customers to do anything differently at this point. We will continue to provide updates as necessary.”
The incident closely follows M&S suffering a cyber attack, resulting in a number of its systems being disabled.
“As soon as we became aware of the incident, it was necessary to make some minor, temporary changes to our store operations to protect customers and the business, and we are sorry for any inconvenience experienced,” the retailer said last month.
The group initially disabled its payment and click-and-collect systems, before then disabling all online sales through its app and website.
“As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps,” the company said.
M&S also advised that customers do not need to do anything at this stage.
However, in a post on X, one customer said they received a scam call using card details that they had used with M&S in the past.
“Yesterday I received a NoCallerID who wanted to scam me using my name and last 4 digits of my credit card. I hung up and wasn’t scammed. However, I tried to return an online order to M&S and their staff said systems were down. Now there’s an admission of a cyber attack,” said the customer.
“It transpires the card I paid M&S with is the one the scammers used against me. The scammer wanted access to my phone and wanted me to read a 6 digit code back to him. This would have given him access to all info on my phone. I hung up and called my bank myself. Be alert!”
While M&S did not disclose the nature of the incident nor identify a threat actor, multiple sources speaking to tech and cyber publication BleepingComputer have said that a ransomware attack is to blame for the “cyber incident” and that M&S’ systems were encrypted as a result.
According to the report, M&S engaged Microsoft, CrowdStrike, and Fenix24 for an investigation into the breach, which has so far concluded that Scattered Spider was behind the incident.
Scattered Spider, or Octo Tempest as Microsoft calls them, is a hacking group largely made of teenagers and young adults believed to be based in the UK and the US.
Threat actors reportedly gained initial access in February when they exfiltrated the Windows domain’s NTDS.dit file, allowing them to gain access to credentials and move laterally throughout the retailer’s systems.
Additionally, BleepingComputer was told that the threat actors encrypted virtual machines on 24 April after deploying the DragonForce ransomware on VMware ESXi hosts.
Be the first to hear the latest developments in the cyber industry.
