The Co-op has deactivated portions of its IT infrastructure following an attempt by cybercriminals to breach its systems.
The company described these actions as “proactive measures” to counter the threat, noting they have had only a “minor impact” on call centre operations and back-office functionality.
Simultaneously, the Metropolitan Police has confirmed that it is investigating a significant cyber incident affecting Marks & Spencer (M&S).
“Detectives from the Met’s cyber crime unit are currently conducting enquiries,” the force said in a statement.
No direct link has been established between the two events at this time.
The Co-op operates over 2,500 supermarkets and 800 funeral homes throughout the UK, in addition to supplying food to Nisa stores.
A spokesperson confirmed that both retail stores and funeral services remain fully operational despite the attempted breach.
“We are working diligently to minimise service disruption and deeply appreciate the cooperation of our colleagues, members, partners, and suppliers during this time,” the spokesperson added.
“At present, no action is required from our members or customers.”
The update comes as M&S enters a second week grappling with a cyber attack that has disrupted operations and reportedly resulted in millions in estimated lost revenue.
The chain has not provided specifics about the nature of the incident that crippled its online ordering systems and led to stock shortages in stores.
Ciaran Martin, founding Chief Executive of the National Cyber Security Centre (NCSC), told BBC Radio 4’s Today programme on Wednesday that the attack had “serious” implications for M&S.
“It is a deeply disruptive incident and poses significant challenges for the company,” he explained.
BBC sources indicate experts suspect the M&S breach involves ransomware known as DragonForce.
Ransomware is a form of malicious software that prevents access to a system or data, demanding payment to restore functionality.
It remains unclear if the Co-op identified the intrusion through enhanced monitoring in the wake of the attack on its retail competitor.
Daniel Card, a cyber security specialist at BCS, the Chartered Institute for IT, commented that it was “quite uncommon” for a business to take systems offline after a suspected hack.
Speaking to the BBC, Card said such action typically reflects a “loss of control” over those systems.
Scott Dawson, head of payment processing at Decta, noted that the incident “highlights significant vulnerabilities” and should prompt greater vigilance across the sector.
“Retailers can no longer consider resilience optional, as these incidents become increasingly common,” he warned.
Supermarkets have been targets of similar cyber threats before, with Morrisons among those affected by a cyber incident in December 2024.
M&S has reported its cyber attack to the National Cyber Security Centre (NCSC).
The BBC understands the agency is encouraging all retailers to remain alert to potential threats.
An NCSC spokesperson stated: “The NCSC routinely works with a broad range of organisations on cyber threats facing the UK and consistently advises on measures to boost resilience.”
Subscribe to our Tech Decoded newsletter to stay informed about major tech developments and trends. Non-UK readers can sign up here.
A new report warns that the lack of comprehensive data around cash acceptance could push the UK closer to a cashless future.
The BBC has learned that food supplies are expected to return to normal by week’s end.
Adidas has stated that tariffs enacted under US President Donald Trump are anticipated to drive up prices for consumers in the United States.
Online ordering has been suspended on the retailer’s website and app since last Friday.
The company has halted online sales for both food and clothing across its platforms.