Cyber Incident Victim: The Co-operative Group
Date:
Apr 2025
Location:
United Kingdom
Summary
The Co-operative Group said it has shut down some of its IT systems after experiencing attempted cyberattacks, taking proactive steps to protect its networks. The spokesperson noted that back‑office and call‑center operations are facing disruption while stores continue to operate normally and customers are not asked to change their behaviour. It remains unclear whether the intrusion attempts succeeded, and the company has not disclosed the attack’s nature, such as ransomware, or whether it has reported the incident to the UK Information Commissioner’s Office, though it is working with the National Cyber Security Centre. The announcement follows a similar disruption reported by another UK retailer days earlier.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 1, 2025, TechCrunch reported that The Co-operative Group announced it had shut down some of its IT systems after experiencing attempted cyberattacks. Spokesperson Mark Carrington said the company recently experienced attempts by hackers to break into some of its systems and took proactive steps to keep those systems safe. He noted that the back office and call center functions were facing some disruption as a result. The company stated that it was not clear whether the attempted intrusions had been successful.
Despite the IT system shutdowns, The Co-operative Group said its stores continued to operate normally and that it was not asking customers to do anything differently at that time. The spokesperson confirmed that the company was working with the National Cyber Security Centre to address the incident. The Co-operative Group declined to provide further details about the nature of the attack, such as whether it involved ransomware. It would not say if it had reported the incident to the Information Commissioner’s Office. It also would not say if it had communicated with any threat actors.
The announcement came days after Marks & Spencer disclosed a cyberattack that prevented customers from picking up orders. The retailer said it notified the U.K. data regulator of the incident, indicating a possible data breach. The ongoing disruption at Marks & Spencer has since entered its second week.