Co-op says shelves to be more fully stocked this weekend

A shop fridge with almost empty shelves, and a sign stuck on the window which says "Sorry we are having some availability issues which will be resolved shortly"

Shoppers have found some empty shelves over the past few weeks

Lucy Hooker & Imran Rahman-Jones
Business & technology reporters

Co-op customers should see stocks on shelves start to return to more normal levels this weekend, the company said, after it announced it was switching its online ordering system for suppliers back on after a cyber-attack.

The hack resulted in payment problems, widespread shortages of goods in shops, and compromised customer and staff data.

The hackers, who use the name DragonForce, also claim to be responsible for a similar attack on Marks and Spencer (M&S) and an attempted hack of Harrods earlier this month.

Co-op said it was bringing its systems "gradually back online in a safe and controlled manner."

Earlier this month, cyber criminals infiltrated the Co-op's IT networks apparently trying to extort money from the grocery chain.

The company moved to limit the impact of the attack by shutting down some IT systems, including parts of its supply chain and logistics operations, resulting in huge disruption to deliveries.

Shoppers have shared images of empty store shelves and fridges - which has been a particular issue in isolated communities, where the retailer can be the only large food shop.

Co-op says this should improve in the coming days in-store and online, as it works with its suppliers to restock.

It says all payments systems, including contactless payments, are back up and running.

In a statement, the company thanked "colleagues, members, partners and suppliers for their support so far."

Even though the retailer now hopes to move back to something like business as usual, experts caution the cyber attack will affect the Co-op for some time to come.

"The reputational impact of an attack like this is something that can linger", Prof Oli Buckley, a cyber security expert at Loughborough University, told BBC News.

"Their work on the recovery helps to soften things slightly, but rebuilding trust is a bit harder," he said.

The costs of recovery and upgrading security systems could also have a "long-lasting ripple effect" on the company's finances, he added.

Customers will likely become "more cautious about sharing personal and financial information," according to Dr Harjinder Lallie, reader in cyber security at the University of Warwick.

The hack is a a reminder for the retail industry that more complicated IT systems and advanced attacks mean "proactive investment in resilience is no longer optional - it's essential", he said.

In a message sent to its suppliers earlier this week, and first reported by The Grocer, the Co-op asked for patience as it gets its systems back up and running.

It warned of likely increased "volatility" in order volumes.

The cyber criminals claim to have the private information of 20 million people who signed up to Co-op's membership scheme, but the firm would not confirm that number.

M&S admitted on Tuesday that some customer data had been stolen in the hack of its systems.

Customers are still unable to make online orders with M&S, nearly three weeks after the retailer was forced to suspend them.

A green promotional banner with black squares and rectangles forming pixels, moving in from the right. The text says: “Tech Decoded: The world’s biggest tech news in your inbox every Monday.”

Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.

Related topics