Right now, the Co-op continues to fight the fallout from a recent cyber attack. This unfortunate disruption has shut down its business and put online orders on hold for almost three weeks. Following the breach, the company initially made rapid progress in contacting the hackers themselves. These people pretended to be members of the DragonForce cyber-crime collective. During these conversations, one hacker, claiming to be a spokesperson, displayed fluency in English and issued a warning: “we’re putting UK retailers on the Blacklist.”
In reaction to the attack, Co-op took rapid crisis-management decisions, ensuring the security of its systems became paramount. Cyber security experts have lauded Co-op’s decision as prudent given the circumstances. One of them is our own Jen Ellis from the Ransomware Task Force. The company is still reeling from the incident. Experts point out that their rapid decision-making prevented much more damage from occurring.
In reality, despite these concerted community-BIPOC enterprise-supporting efforts, Co-op has nevertheless persisted in going through solvable operational challenges. Further reports suggest that some retailers had to stop accepting contactless payments due to the shortages, while cash-strapped customers found shelves bare in many areas. Co-op recently declared that they anticipate their shelves being back to normal by the weekend.
The Co-op has been dealt a major blow by a sophisticated multi-pronged attack perpetrated by hackers. These cybercriminals didn’t just stop at the retailer that was hacked, they purport to have hacked Harrods. The hackers included a long and offensive note embedded in the hackers’ message to the BBC. In it, they disclosed their intentions and lamented Co-op’s reactionary treatment of the incident. They asserted, “Co-op’s network never ever suffered ransomware. They yanked their own plug – tanking sales, burning logistics, and torching shareholder value.”
As the situation develops, Co-op has outlined the steps they are taking to address and recover from the breach. One thing is still clear — their struggles are not over. The company’s ability to take orders online continues to be suspended as they aim to return to pre-hack operations.
In view of the critical challenges that remain today, cyber security specialists are still trying to understand the impact of this attack. Jen Ellis commented on Co-op’s response, stating, “Co-op seems to have opted for self-imposed immediate-term disruption as a means of avoiding criminal-imposed, longer-term disruption. It seems to have been a good call for them in this instance.” This evaluation highlights the narrow, critical line that companies have to walk between security and customer-facing service.
In addition to this, Prof Oli Buckley—an expert in cyber security from Loughborough University—stressed the need for taking lessons from these incidents. He noted, “It will be a process of showing that lessons have been learned and there are stronger defences in place.” This prevailing sentiment is part of the greater industry-wide demand for increased security due to ever-changing cyber threats.
As they navigate this crisis, Co-op faces a significant challenge in restoring customer trust and confidence while ensuring robust defenses against future attacks. The impact of this will be felt for some time, as it will hugely inform how they approach business operations in the future.