OFFLINE
Another major supermarket forced to shut down IT system after hack attempt following huge M&S cyber attack
This incident comes just days after a similar attack targeted M&S
ANOTHER major supermarket chain has been forced to shut down part of its IT system after a hacking attempt.
The Co-op, which operates over 2,000 grocery stores and 800 funeral homes, has closed part of its IT system following the attempted cyber attack.
1
This incident comes just days after a similar attack targeted Marks & Spencer, causing significant disruption.
The Co-op confirmed the attempted breach in a letter to staff on Tuesday, stating it had "taken proactive steps to keep our systems safe", according to .
This included restricting access to certain systems, impacting some back-office functions and call centre services.
According to one source, the shutdown resulted in the closure of virtual desktops across the organisation, disrupting several behind-the-scenes operations reliant on head office support, such as stock updates.
Read more in money
However, the retailer has stressed that there is no indication that customer data has been compromised.
It added that stores, and funeral homes, remain open and operating as usual.
A spokesperson said: "We have recently experienced attempts to gain unauthorised access to some of our systems.
"As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.
Most read in Money
"We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period."
The Co-op did not say whether it had detected the attempts to attack its systems as a result of extra checks in the light of the M&S incident.
However, it did tell staff that "protecting our systems is of paramount importance", referring to "the recent issues surrounding M&S and the cyber-attack they have experienced".
All iPhone and Android users must switch on two settings to stop bank-raiding attack – worrying sign means it’s too late
What is a cyber attack?
A CYBER attack is any deliberate attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or digital devices.
These attacks can target individuals, businesses, or even governments, and their motives can range from financial gain to political disruption.
Cyber attacks can take many forms, employing various techniques to achieve their malicious goals.
Common types of cyber attacks include:
- Malware: Malicious software designed to damage or gain control of a system. Examples include viruses, worms, ransomware, and spyware.
- Phishing: Deceptive attempts to trick individuals into revealing sensitive information such as usernames, passwords, or credit card details, often through fake emails or websites.
- Denial-of-Service (DoS) Attacks: Flooding a network or server with traffic to overwhelm its resources and make it unavailable to legitimate users.
- SQL Injection: Exploiting vulnerabilities in website databases to gain unauthorised access to data.
- Ransomware: Malware that encrypts a victim's data and demands a ransom for its release.
- Social Engineering: Manipulating individuals into performing actions or divulging confidential information.
What's happened at M&S?
M&S has been experiencing significant disruption following a cyber incident, affecting contactless payments, click-and-collect services, and online orders across the UK.
The problems began on Saturday, April 19, with customers unable to collect purchases or return items.
By Monday, April 21, M&S acknowledged the attack, apologised for the inconvenience, and engaged cybersecurity experts while notifying the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO).
The criminals suspected to be behind the attack are known collectively as "Scattered Spider" - one of the most prolific cybergangs of the past 18 months.
The gang specialises in ransomware - a type of attack designed to steal information or access in exchange for a sum of money.
They have been gaining a reputation for targeting large, customer-facing organisations through social engineering and identity-focused tactics.
"While they are not as well-resourced as some nation-state actors or long-established ransomware syndicates, Scattered Spider is far from "small fry," Jamie Akhtar, CEO and Co-founder at CyberSmart, told The Sun.
"Scattered Spider, also tracked as UNC3944, has become one of the most active and disruptive threat actors in the last 18 months.
"This is a group known not for sheer technical sophistication, but for their ability to manipulate access, often by impersonating employees or exploiting multi-factor authentication systems."
Their most high-profile hack was the attack on Caesars Entertainment and , two of the largest casino and gambling companies in the US.
Despite M&S' efforts to restore systems, disruptions continued throughout the week, forcing the retailer to make operational adjustments, including suspending online and app orders on Friday, April 24.
This decision led to a 5% drop in the company’s share price.
As of yesterday, shoppers reported empty shelves in some stores, highlighting the ongoing fallout from the cyber attack.
Staple items including bananas, fish, and the iconic Colin the Caterpillar cakes have even become hard find in some shops.
When questioned, staff suggested that the supply disruptions were connected to a cyber attack.
An M&S spokesperson said: "As part of our proactive management of the incident, we took a decision to take some of our systems temporarily offline.
"As a result, we currently have pockets of limited availability in some stores.
Read More on The Sun
"We are working hard to get availability back to normal across the estate."
M&S has yet to confirm the specific nature of the cyber breach.
Timeline of cyber attack
- Saturday, April 19: Initial reports emerge on social media of problems with contactless payments and click-and-collect services at M&S stores across the UK. Customers experience difficulties collecting online purchases and returning items due to system issues.
- Monday, April 21: Problems with contactless payments and click-and-collect persist. M&S officially acknowledges the "cyber incident" in a statement to the London Stock Exchange. CEO Stuart Machin apologises for the disruption and confirms "minor, temporary changes" to store operations. M&S notifies the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO) and engages external cybersecurity experts.
- Tuesday, April 22: Disruptions continue. M&S takes further systems offline as part of "proactive management".
- Wednesday, April 23: Despite earlier claims of customer-facing systems returning to normal, M&S continues to adjust operations to maintain security. Contactless payments are initially restored, but other services, including click-and-collect, remain affected.
- Thursday, April 24: Contactless payments and click-and-collect services are still unavailable. Reports surface suggesting the attackers possibly gained access to data in February.
- Friday, April 25: M&S suspends all online and app orders in the UK and Ireland for clothing and food, although customers can still browse products. This decision leads to a 5% drop in M&S's share price.
- Monday, April 28: M&S is still unable to process online orders. Around 200 agency workers at the main distribution centre are told to stay home.
- Tuesday, April 29: Information suggests that the hacker group Scattered Spider is likely behind the attack. Shoppers spot empty shelves in selected stores.
Topics
