# Co-op Narrowly Avoided an Even Worse Cyber Attack, BBC Learns

The Co-op Group narrowly avoided a catastrophic cyber attack, which could have led to even more devastating consequences than the recent hack that saw customer data stolen and store shelves left bare. According to hackers who claim responsibility for both attacks, the Co-op's IT team made the quick decision to take computer services offline, preventing the criminals from continuing their hack. This move likely saved the retailer from a ransomware attack, which would have not only caused significant financial losses but also made it difficult to restore systems.

The revelation could help explain why Co-op has started to recover more quickly than fellow retailer M&S, which had its systems more comprehensively compromised, and is still unable to carry out online orders. The hackers who claim responsibility for both attacks told the BBC that they tried to infect Co-op with malicious software known as ransomware but failed when the firm discovered the attack in action.

"We spent a while seated in their network," they boasted. "They yanked their own plug - tanking sales, burning logistics, and torching shareholder value." Cyber experts like Jen Ellis from the Ransomware Task Force said the response from Co-op was sensible, as it opted for self-imposed immediate-term disruption to avoid longer-term disruption.

"The decision made by Co-op's IT team was a good call in this instance," she said. "These kinds of crisis decisions are often taken quickly when hackers have breached a network and can be extremely difficult." Ms Ellis noted that the cyber attack on Co-op was likely detected before it could cause significant damage, unlike M&S which is still struggling to recover from its own cyber attack.

The attackers claimed to have breached Co-op's computer systems long before they were discovered. They stole a large amount of private customer data and were planning to infect the company with ransomware, but were detected. Ransomware is a type of attack where hackers scramble computer systems and demand payment from victims in exchange for handing back control.

It would also have made the restoration of Co-op's systems more complex, time-consuming and expensive - exactly the problems M&S appears to be wrestling with. The attackers claimed responsibility for both attacks, which struck over Easter, and said they were using a cyber crime service called DragonForce.

M&S has yet to confirm it is dealing with ransomware, but cyber experts have long said that is the situation. Nearly three weeks on, the retailer is still struggling to get back to normal, as online orders are still suspended and some shops have had continued issues with contactless payments and empty shelves this week. An analysis from Bank of America estimates the fallout from the hack is costing M&S £43m per week.

On Tuesday, M&S admitted personal customer data was stolen in the hack, which could include telephone numbers, home addresses and dates of birth. It added that the data theft did not include useable payment or card details, or any account passwords - but nonetheless urged customers to reset their account details and be wary of potential scammers using the information to make contact.

Co-op seems to be recovering more quickly, saying its shelves will start to return to normal from this weekend. Nonetheless, it is expected to feel the effects of the cyber attack for some time. "Co-op have acted quickly and their work on the recovery helps to soften things slightly, but rebuilding trust is a bit harder," Prof Oli Buckley, a cyber security expert at Loughborough University, told the BBC.

"It will be a process of showing that lessons have been learned and there are stronger defences in place." The same cyber-crime group has also claimed responsibility for an attempted hack of the London department store Harrods.