Technology reporters
Some Co-op stores have been left with empty shelves as the retailer continues to feel the impact of a major cyber attack.
Stores are open and trading, however some are unable to accept contactless payments – with signs on doors telling customers it is “cash only”.
The disruption comes after the company admitted to the on Friday the attack on its systems had resulted in “significant” amounts of customer data being stolen.
A Co-op spokesperson told the deliveries to its stores were impacted by the “sustained malicious attempts by hackers to access our systems”.
“We are working around the clock to reduce disruption and resume deliveries,” they said.
Allow Twitter content?
“Some of our stores might not have all of their usual products available, and we would like to say sorry to our members and customers if this is the case in their local store,” they said.
Cyber criminals behind the attack claim to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the firm has not confirmed that number.
The company said in April it had seen 22% growth in its active membership base to reach 6.2 million-member owners in 2024.
It has told customers visiting its website that it believes only members’ personal data such as names, contact details and dates of birth – not bank details, transaction information, or passwords – have been extracted.
Aside from the issues impacting deliveries, some shoppers have been unable to pay by card or contactless at Co-op shops since Monday – something the supermarket chain says is the case for a “small number” of its 2,300 stores.
“The majority of these have been already addressed and we expect the remaining stores to be fully addressed during the course of today,” a Co-op spokesperson said.
Payment problems
Shirine Khoury-Haq, chief executive of the Co-operative Group, apologised for the breach in a message to customers on Monday.
“This is obviously extremely distressing for our colleagues and members, and I am very sorry this happened,” she said.
“We recognise the importance of data protection and take our obligations to you and our regulators seriously, particularly as a member-owned organisation.”
The attack on the Co-op was revealed only days after Marks and Spencer said it had been targeted by ransomware.
It suspended online orders and took down several services as it struggled to respond to the incident.
Meanwhile, Harrods said on Thursday it had been hit by attempted attacks from hackers.
The National Cyber Security Centre (NCSC) has warned that criminals launching cyber attacks at British retailers are impersonating IT help desks to break into organisations.
