Delivery delays and empty shelves at Co-op after cyber attack

Some Co-op stores have been left with empty shelves as the major cyber attack the retailer is battling disrupts deliveries of fresh stock.

Stores are open and trading, however some were only able to accept cash payments on Monday and Tuesday – something the firm says is now resolved.

The disruption comes after the company admitted to the BBC on Friday the attack on its systems had resulted in “significant” amounts of customer data being stolen.

A Co-op spokesperson told the BBC deliveries to its stores were impacted by the “sustained malicious attempts by hackers to access our systems”.

“We are working around the clock to reduce disruption and resume deliveries,” they said.

“Some of our stores might not have all of their usual products available, and we would like to say sorry to our members and customers if this is the case in their local store,” they said.

Cyber criminals behind the attack claim to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the firm has not confirmed that number.

The company said in April it had seen 22% growth in its active membership base to reach 6.2 million-member owners in 2024.

It has told customers visiting its website that it believes only members’ personal data such as names, contact details and dates of birth – not bank details, transaction information, or passwords – have been extracted.

Shirine Khoury-Haq, chief executive of the Co-operative Group, apologised for the breach in a message to customers on Monday.

“This is obviously extremely distressing for our colleagues and members, and I am very sorry this happened,” she said.

“We recognise the importance of data protection and take our obligations to you and our regulators seriously, particularly as a member-owned organisation.”

The attack on the Co-op was revealed only days after Marks and Spencer said it had been targeted by ransomware.

It suspended online orders and took down several services as it struggled to respond to the incident.

Meanwhile, Harrods said on Thursday it had been hit by attempted attacks from hackers.

The National Cyber Security Centre (NCSC) has warned that criminals launching cyber attacks at British retailers are impersonating IT help desks to break into organisations.