Fears 'hackers still in the system' leave Co-op shelves running empty across UK

Grocery shelves at the Co-op retail chain are increasingly depleted in spots across the United Kingdom as the company continues to respond to an attempted cyberattack detected two weeks ago.

Recorded Future News understands that the company fears the hackers still have access to its network and is keeping some critical logistics systems offline, preventing shops from getting resupplied with many goods.

Back in April, the company announced taking “proactive steps” and shutting down part of its IT network after detecting “attempts to gain unauthorised access to some of our systems," initially acknowledging there would be “a small impact to some of our back office and call centre services.”

In a subsequent statement published on the Co-op’s website, its chief executive Shirine Khoury-Haq acknowledged “significant disruption” as a result of the cyberattack and confirmed that customer and member data was compromised. The nature of the hack has not yet been confirmed.

Retail staff who spoke to Recorded Future News on Monday morning said that deliveries from the Co-op’s large depots were well below 20% of their normal capacity, which was why shelves were running empty.

Supplies of certain perishables, particularly animal products (meat, poultry, eggs, milk), are being prioritized for delivery due to strict laws around how they must be disposed of when past their sell-by dates. Other items, including fresh fruit and vegetables, as well as canned food and cigarettes, are increasingly absent from the Co-op’s stores. 

One of the workers said they didn’t expect things to return to normal until at least June, noting how similar problems were still affecting fellow cyberattacked retailer Marks & Spencer which, in the worker’s words, was “two weeks ahead of us and still struggling.” 

A spokesperson for the Co-op said: “All our stores are open and trading and we are now making deliveries to all of our stores, flowing in an increased level of fresh, chilled and frozen products alongside cupboard essentials.

“Some of our stores might not have all their usual products available and we are sorry if this is the case for our members’ and customers in their local store. We are working around the clock to reduce disruption and are pleased [to] have resumed delivery of stock to our shelves,” the spokesperson added.

Because of the complexities involved in pushing goods through retail supply-chains, the staff members said that even if the logistics systems were recovered immediately it would take weeks before shelves began to fill again. The spokesperson did not respond when asked if stock was being delivered at the same rate as before the cyber incident.

While in most locations other retailers can provide customers with any needed food and goods, BBC News has reported how on the island of Islay in Scotland, where the Co-op is the only large grocery store, the company has brought in “a temporary contingency stock ordering and delivery process, where we have prioritized the quantity of stock and deliveries to these lifeline stores.”

The Co-op is a consumer co-operative with more than 50,000 employees in over 3,000 locations across the country — including grocery stores, insurance services and funeral parlors — and reported making around £161 million ($212 million) in profits before tax over the last financial year, with revenues of around £11.3 billion ($14.9 billion).

As the company is owned by its members rather than publicly listed, it is not required to make any declaration to the London stock exchange about the expected adverse financial impact of the attack.