Co-op has confirmed that it was forced to shut down parts of its systems following an attempted cyber intrusion, raising fresh concerns over the growing wave of cyberattacks targeting the UK retail sector.
The incident, which emerged late last week, reportedly disrupted access to some of Co-op’s backend systems and virtual desktops. While customer-facing services, such as in-store shopping and payments, appeared largely unaffected, the disruption sparked concern among staff and customers, with some reports of delays in stock deliveries and internal communications.
Although Co-op has yet to release full details, early indications suggest that the company took swift precautionary measures after detecting suspicious activity on its network. This move may have helped contain the threat before it caused serious damage. The hack comes on the heels of the high-profile cyberattack on Marks & Spencer (M&S), which has put many UK retailers on heightened alert in recent weeks.
Chris Burton, Head of Professional Services at Pentest People, commented: “It’s too early to know exactly what happened at Co-op, but from what’s been shared so far, it looks like there was an attempted intrusion, and in response, they shut down parts of their system. That kind of quick action suggests a preventative approach rather than a reaction to confirmed damage. Given the recent cyberattack on M&S, it wouldn’t be surprising if retailers are now on high alert. There’s likely a sense of ‘better safe than sorry’ across the sector.
“Retailers, especially large supermarket chains, are considered part of the UK’s Critical National Infrastructure under the food and drink category. That makes them more attractive to threat actors, particularly when compared to more obvious targets like energy or defence, which tend to be better defended. So, does this feel like a knee-jerk reaction? Possibly, but understandably so. With recent events fresh in mind, shutting things down at the first sign of trouble is a sensible move. Right now, it seems any unusual behaviour within a system is enough to trigger a shutdown. It’s clear the retail sector is feeling the pressure and acting with caution.”
Dray Agha, senior manager of security operations at Huntress, said, “The Co-op’s swift action to pre-emptively disable access to key systems reflects a mature, proactive incident response posture. Shutting down virtual desktops and limiting backend functions, while disruptive, is often a necessary measure to contain threats before they escalate into full-scale breaches.
“This incident aligns with a broader trend we’re seeing where attackers increasingly target retail and essential services with initial access attempts, often through phishing or credential abuse, before escalating to ransomware or data theft. Defenders must stay vigilant, especially in sectors managing large volumes of sensitive customer and payment data.
“This is a timely reminder of why continuous threat detection and rapid response are critical. Real-time investigation and intervention mean the difference between an interruption and a catastrophe.”
Ben Hutchison, associate principal consultant at Black Duck, added: “With technology becoming part of the bedrock of more and more systems across industries, including retailers and high street stores, the possibility for service disruption or potential to obtain access to sensitive data and functionality through these systems is increased, which can make them a tempting target for attackers. Recent attacks highlight that software and cybersecurity, resilience, and incident response should be a key component of any organisation’s strategy and operations, no matter the market.”
As investigations continue, cybersecurity experts are urging all retailers to strengthen their defences, with particular focus on early detection, rapid containment, and ongoing resilience to keep pace with the evolving threat landscape.
