Co-op fends off hackers as police probe M&S cyber attack

The Co-op has shut down parts of its IT systems in response to hackers attempting to gain access to them.

It said the "proactive measures" it had taken to fend off the attack had had a "small impact" on its call centre and back office.

Meanwhile, The Metropolitan Police has confirmed it's looking into the major cyber attack at fellow retailer Marks & Spencer (M&S).

"Detectives from the Met's cyber crime unit are investigating," it said in a statement.

It is not known whether there is any link between the two incidents.

There are more than 2,500 Co-op supermarkets in the UK, as well as 800 funeral homes. It also provides food to Nisa shops.

A spokesperson confirmed its shops and funeral homes were operating as usual following the attempted hack.

"We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period," they said.

"We are not asking our members or customers to do anything differently at this point."

It comes as M&S enters the second week of a cyber attack that has caused chaos costing it millions of pounds in lost sales.

The retailer has not said what took out its online ordering systems and left empty shelves in stores.

Ciaran Martin, the founding Chief Executive of the National Cyber Security Centre (NCSC), told the Today programme on BBC Radio 4 on Wednesday it had "serious" consequences for M&S.

Experts have told the BBC they believe the cyber attack affecting M&S is a result of ransomware called DragonForce.

Ransomware is malicious software which locks an owner out of their computer or network and scrambles their data - with the criminals demanding a fee to unlock it.

It is not known whether the Co-op discovered the hacking attempt as a result of any extra security checks following the cyber attack on its high street rival.

Dan Card, cyber expert at BCS, the chartered institute for IT, said it was "very rare" for a firm to take systems offline after an attempted hack.

"Taking systems offline is typically indicative of either a loss of control or to defend against a zero day where no patch is available," he said.

A "zero day" is a term for a vulnerability in a computer system which its owners don't know about - meaning anybody can exploit it.

There have been similar hacking attempts on supermarket chains in the past, with Morrisons being impacted by an incident in December 2024.

Meanwhile, the banks Barclays and Lloyds were hit by outages earlier in 2025.