UK Retail Giant Co-op Shuts Down IT Systems After Cyberattack Attempt

The Co-operative Group has confirmed it shut down parts of its IT network after detecting an attempted cyberattack, in what is the latest incident to affect a major UK retailer. The move was described as precautionary and aimed at containing the threat before any systems could be compromised.

Although the shutdown affected internal functions such as virtual desktops, stock systems, and contact centre operations, Co-op reassured the public that all food stores, home delivery services, and funeral operations are running as normal.

“There is no evidence that customer data has been accessed,” the company said in a statement. “We took swift action to protect our systems and continue to monitor the situation closely.”

This incident follows a more disruptive attack on M&S (Marks & Spencer) earlier this month, which impacted contactless payments, and online orders, and led to temporary stock shortages. That breach was linked to the cybercriminal group known as Scattered Spider, which has previously targeted large organisations across the US and UK.

At this time, there is no confirmed connection between the two incidents, but cybersecurity analysts say the timing raises questions about coordinated threats aimed at UK retail.

Scattered Spider, also known for targeting MGM Resorts in 2023 and its social engineering tactics and use of legitimate IT tools for malicious purposes has gained notoriety for bypassing traditional security measures by targeting employees directly. Their suspected involvement in the M&S breach has prompted heightened alertness across the sector.

Co-op has brought in external cybersecurity experts and is working with law enforcement as part of an ongoing investigation. While the company has not provided a timeline for full system restoration, it emphasised that day-to-day operations will continue uninterrupted for customers.

Scott Dawson, CEO of payment processor DECTA, commented on the Co-op cyberattack, warning that “retailers can no longer afford to treat resilience as optional.” He pointed to recent breaches, including at Marks & Spencer, as evidence that outdated systems and fragmented security can’t withstand modern threats.

Dawson stressed the need for standardized resilience metrics and proactive, built-in recovery strategies, saying that without them, businesses risk system-wide breakdowns and lasting damage to customer trust.

The attack adds to growing concern over cybersecurity in retail, a sector increasingly targeted due to its reliance on digital infrastructure and high volumes of sensitive customer information.

Retailers are now facing increased pressure to balance seamless digital experiences with robust security controls. Co-op’s quick response may have prevented a more damaging breach, but it also reflects the rising frequency and sophistication of attacks facing businesses of all sizes.