You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
lawyers weekly logo

Powered by MOMENTUMMEDIA

Breaking news and updates daily. Subscribe to our Newsletter
Advertisement

Co-op's cyber recovery begins as store shelves lie empty

Despite its stores lacking products on shelves, UK retailer Co-op has begun the recovery process following the cyber attack it suffered last week – with payment systems now reportedly restored.

Co-op's cyber recovery begins as store shelves lie empty
expand image

A number of stores were only receiving cash payments due to online payment systems being disabled in the aftermath of the cyber attack. However, Co-op said this has now been resolved.

However, the payment issues don’t seem to be the biggest problem facing Co-op customers – it’s empty shelves.

One customer reaching out to Co-op on X asked why stores were empty and why the store had not received an order for “about a week”, to which Co-op said it was experiencing technical issues.

“Your store may be experiencing some product availability issues, please bear with us while we work hard on fixing some technical problems we are experiencing,” said Co-op spokesperson Mel.

“We are continuing to serve our members and customers to the best of our ability, and we are sorry if this means you might not be able to buy some of your usual products from us.

“Thank you so much for your support.”

Additionally, Co-op confirmed earlier this month that customer data was accessed and exfiltrated by threat actors.

“As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems,” said the retailer.

“The accessed data included information relating to a significant number of our current and past members.”

“This data includes Co-op Group members’ personal data, such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.”

While Co-op has not named a threat actor behind the incident, the hack was claimed by the DragonForce ransomware gang.

According to the threat actors, the data of 20 million Co-op membership rewards customers was exfiltrated. They also claimed to have contacted Co-op executives, including the head of cyber security on Microsoft Teams.

DragonForce’s claim also lines up with previous claims made regarding two other major UK retailers that were breached in recent weeks.

According to an investigation by Marks & Spencer (M&S), which was breached last month, Microsoft, CrowdStrike, and Fenix24, threat actor Scattered Spider was behind the M&S incident.

Scattered Spider, or Octo Tempest as Microsoft calls them, is a hacking group largely made of teenagers and young adults believed to be based in the UK and the US. The group reportedly deployed the DragonForce ransomware in the M&S attack.

The DragonForce ransomware gang is believed to be working with English-speaking threat actors with tactics in line with Scattered Spider.

Additionally, DragonForce also claimed the cyber attack on UK retailer Harrods.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
You need to be a member to post comments. Become a member for free today!

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.