Co-op pauses deliveries of non-essential items as cyber attack crisis deepens

The retailer wrote to suppliers on Wednesday to tell them it would only be manually ordering a “minimum range of products that customers and members need most”, according to The Telegraph.

The Co-op also said that companies should not sending deliveries to depots without direct instruction from them first.

The c-store specialist also told suppliers who produce own-brand goods with short shelf-lives to speak to buying staff “to agree a pragmatic way forwards” during the disruption, emphasising that it was “committed to taking Co-op branded finished products that have been produced in line with agreed forecasts”.

The retailer has been struggling with its electronic data interchange system (EDI) after it was hit with a cyber attack last week. The Co-op uses the EDI to manage and maintain stock levels.

A spokesman for the retailer said that all of the Co-op’s stores were still open and trading and were receiving deliveries of “an increased level of fresh, chilled and frozen products alongside cupboard essentials”.

He added: “Some of our stores might not have all their usual products available and we are sorry if this is the case for our members and customers in their local store.

“We are working around the clock to reduce disruption and are pleased we can resume delivery of stock to our shelves.”

It emerged over the weekend that the cyber attack on the Co-op was more significant than had previously been acknowledged by the business.

The hackers, who contacted the BBC over the weekend, had evidence that they had penetrated IT systems and extracted substantial volumes of customer and employee information.

Co-op acknowledged that hackers had “accessed data relating to a significant number of our current and past members.” This contradicts earlier statements that it had implemented “proactive measures” against hackers, operations were only experiencing “small impact” and that there was “no evidence that customer data was compromised”.

The hackers claim to possess personal information of 20 million Co-op membership programme participants, though the company has not verified this figure. DragonForce also claimed responsibility for the ongoing Marks & Spencer attack and an attempted breach at Harrods.

These incidents prompted government minister Pat McFadden to urge companies to prioritise cyber security measures.