British food retailer Co-op Group said Wednesday it has reached the recovery phase following a major cyberattack and is restoring its systems in a safe and controlled manner.
The company was one of three major British retailers to experience a cyberattack in recent weeks, with the others being the famed Harrods department store and the Marks and Spencer Group.
Co-op, which has more than 2,300 stores, said it is working closely with suppliers to restock its shelves and will have improved availability by this weekend. The company’s stock-ordering system is back up and running, and normal supply processes have been restored.
Co-op is now able to accept multiple forms of payment, including contactless and chip-and-PIN.
The company confirmed on May 2 that its attackers had gained access to certain member contact data, but no passwords or card information. Executives warned, however, that the hackers were making sustained attempts to break into their systems.
Numerous product shortages were reported at store locations over the past two weeks, particularly in rural areas. A Co-op spokesperson told Cybersecurity Dive that it is increasing deliveries to stores, including additional fresh, chilled and frozen products.
“Some of our stores might not have all their usual products available and we are sorry if this is the case for our members and customers in their local store,” the spokesperson said via email. “We are working around the clock to reduce disruption and are pleased we have resumed delivery of stock to our shelves.”
Co-op is one of the world’s largest consumer cooperatives. It has more than 6 million member-owners, has 800 funeral homes and includes a wholesale business that provides to more than 6,000 additional outlets.
Earlier this week, M&S confirmed that its attackers had gained access to customer data.
The three incidents mark one of the most brazen cyberattack sprees in recent years. U.K. authorities earlier this month urged vigilance and said they were working with the respective companies to investigate how the breaches took place and whether there was a wider threat to the retail sector.
The attacks have been widely reported to be linked to a notorious criminal group called Scattered Spider, which was behind the 2023 attacks against MGM Resorts in Las Vegas. However, neither government officials nor the targeted companies have formally attributed the attacks.
A relatively new ransomware group called DragonForce has made online claims related to the attacks, while some reports speculated about the hackers deploying DragonForce ransomware.
Researchers at Silent Push released a blog in early April noting that Scattered Spider was still actively looking for targets and said they discovered a new version of Spectre RAT, which was being used to gain persistent access to compromised systems.
Google’s Threat Intelligence Group recently released guidance on how to protect against Scattered Spider intrusions.
The group has previously used social engineering techniques to get IT help desks to reset their targets’ passwords.
The U.K.’s National Cyber Security Centre warned organizations to protect against account misuse and to be on the lookout for risky logins within Microsoft Entra ID Protection.
