In a tense week for British retailers, the Co-op supermarket chain has dodged a digital bullet, fending off hackers trying to claw their way into its IT systems. Meanwhile, Marks & Spencer is still staggering from a brutal cyber attack that’s bled millions in lost sales. The Metropolitan Police are now digging into the M&S breach, as both companies scramble to secure their networks in a world where cybercrime never sleeps.
On April 30, the Co-op revealed it had shut down chunks of its IT infrastructure to block unauthorized access. The move was swift, deliberate, and—according to the company—effective. Hackers got nowhere near customer data or store operations, but the defensive play wasn’t without collateral damage. Call centers and back-office functions took a hit, with some delays reported. The Co-op, tight-lipped about the specifics, called the impact “small” and insisted no stores were shuttered. Still, the preemptive shutdown underscores just how seriously the retailer took the threat.
Across town, M&S is grappling with a far uglier mess. The high-street giant has been under siege for nearly two weeks, with a cyber attack that’s crippled its systems and sparked chaos. By April 30, the company confirmed it had reported the breach to the National Cyber Security Centre, a government body tasked with tackling digital threats. The attack has already cost M&S millions, with sales tanking as customers face disruptions. The Metropolitan Police, not wasting time, have launched a formal investigation, though details remain scarce. No group has claimed responsibility, and the scale of the damage is still unfolding.
Ciaran Martin, the former head of the National Cyber Security Centre, didn’t mince words on BBC Radio 4’s Today programme. He called the M&S attack “serious,” pointing to its ripple effects across the retailer’s supply chain and customer trust. For M&S, the stakes couldn’t be higher—every day of downtime is another blow to its bottom line.
The Co-op, by contrast, seems to have caught its would-be intruders flat-footed. Its IT teams spotted the attempted breach early, pulling the plug on vulnerable systems before any real harm was done. The retailer hasn’t disclosed whether customer data was targeted or what kind of attack it faced—ransomware, phishing, or something nastier—but the speed of its response likely spared it from M&S’s fate.
Both incidents shine a harsh light on the growing menace of cybercrime for UK businesses. Retailers, with their vast troves of customer data and sprawling digital networks, are prime targets. The Co-op’s quick thinking may have saved it this time, but M&S’s ongoing nightmare shows just how devastating a successful attack can be. As police probe the M&S case and the Co-op shores up its defenses, one thing’s clear: the hackers aren’t backing down.
The Metropolitan Police continue to investigate the M&S cyber attack. The Co-op reports no customer data was compromised. M&S has not released a full estimate of financial losses.