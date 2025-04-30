Just a few days after Marks & Spencer reported suffering from a major cyber-attack, another UK-based major retailer confirmed an intrusion into its IT systems.

After reports in UK media of an April 30 internal letter informing the retailer’s staff that the company has been forced to shut down parts of its IT systems, the Co-operative Group (Co-op) confirmed to Infosecurity that it has “recently experienced attempts to gain unauthorised access to some of our systems.”

This intrusion has led the company to “take proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services,” a Co-op spokesperson said.

However, the spokesperson stated that all Co-op stores, including quick commerce operations and funeral homes, were trading as usual. They also mentioned that they were not requesting their members or customers to make any changes at that time.

“We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period. We will continue to provide updates as necessary,” the spokesperson added.

The Co-op is the seventh-largest retailer in the UK with 5.2% market share, according to Kantar’s Total Till Roll report, published in February 2025.

Co-op’s Incident Response Praised

Raghu Nandakumara, Head of Industry Solutions at Illumio, lauded the company for its response. “The Co-op’s decision to proactively shut down parts of its IT systems following a cyber threat, whilst keeping essential business operations running, is a strong example of an effective containment strategy in action,” he said.

“Unlike many organizations, which are forced to halt operations entirely after attacks, the Co-op appears to have protected its most critical services and maintained business continuity. This kind of resilience reflects a shift towards a containment mindset: ensuring that even when under attack, essential services remain operational while the root cause is investigated and resolved.”

According to Scott Dawson, CEO of DECTA, the choice of the retailer to shut down part of its IT system unfortunately also highlights the lack of cyber resilience that’s implemented in many organizations’ IT systems.

“This incident, coming on the heels of major breaches at Marks & Spencer and other high-profile targets, highlights how brittle legacy architectures and siloed security practices are, and no match for sophisticated threat actors. When a single intrusion forces entire back-office operations offline, every step from inventory management to customer service teeters on collapse,” he said.

Dawson urged businesses to move from reactive patchwork to proactive resilience engineering architected into every layer of IT strategy, or retailers will continue to pay the price.

“Only then can retailers protect revenue streams, reputations and the trust of the millions who rely on them,” he said.

Photo credits: Roger Utting/WD Stock Photos/Shutterstock