North-west headquartered retailer, the Co-op, has become the latest major chain hit by a cyber attack, with stores experiencing stock shortages and issues processing card payments.
The retailer has since confirmed that personal data of its members was accessed, although it believes this did not include passwords or financial information such as bank or card details.
In response to the cyber attack, Co-op shutdown a number of its back office systems which has led to empty shelves and with some stores unable to handle card payments on the 5th and 6th May. Khoury-Haq explained:
“The criminals that are perpetrating these attacks are highly sophisticated and our colleagues are working tirelessly to do three things: (1) protect and defend our Co-op, (2) fully understand the extent of the impact caused by the attack and (3) provide much needed information to the authorities that may help them with their investigations.
“Actively managing the severity of the attack has meant shutting down some of our systems to protect the organisation. That said, our front-line colleagues are focused on minimising any disruption that might be experienced by our members and customers.”
The attack on the Co-op is the latest to hit a UK retailer, following cyber attacks on M&S and Harrods in April. A criminal hacking group styled as DragonForce, told the BBC it is responsible for the Co-op attack, and it is believed the group’s ransomware was also used in the M&S cyberattack. A second hacking collective, Scattered Spider, largely comprising British and American young people has also been linked with the attack.
The National Cyber Security Centre (NCSC) and National Crime Agency (NCA) are currently investigating the incident, believed to have been sparked by a fake IT helpdesk call to a Co-op staff member that allowed hackers to gain access to IT systems.
Commenting on recent incidents, NCSC CEO Dr Richard Horne said:
“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.
“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.
“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”
Co-op becomes latest retailer hit by cyber attack 
New cyber laws to boost security requirements for data centres and MSPs 
John Lewis partners with independent music retailer to bring vinyl range to Cheadle store