Mutual says it has taken action to keep systems safe.
The Co-op has shut down parts of its IT system after discovering an attempted attack.
In a letter to staff sent on Tuesday and seen by The Guardian, the Co-op said it had “taken steps to keep systems safe” and so had “pre-emptively withdrawn access to some systems for the moment.”
These measures include the shutdown of some business services for teams running stores and for its legal services division.
Extra Checks
The Co-op did not say whether it had detected the attempts to attack its systems as a result of extra checks in the light of the M&S incident. However, it did tell staff that “protecting our systems is of paramount importance”, referring to “the recent issues surrounding M&S and the cyber-attack they have experienced.”
A spokesperson said: “We have recently experienced attempts to gain unauthorised access to some of our systems.
“As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.
“We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.”
Effective Containment Strategy
Raghu Nandakumara, head of industry solutions at Illumio, said the Co-op’s decision to proactively shut down parts of its IT systems following a cyber threat, whilst keeping essential business operations running, is a strong example of an effective containment strategy in action.
“Unlike many organisations, which are forced to halt operations entirely after attacks, the Co-op appears to have protected its most critical services and maintained business continuity,” he said. “This kind of resilience reflects a shift towards a containment mindset: ensuring that even when under attack, essential services remain operational while the root cause is investigated and resolved.
“Security today is about knowing that breaches are inevitable, but disasters are optional. This realisation is key to maintaining trust and continuity during a cyber-attack.”
Adam Casey, director of cybersecurity and CISO at Qodea, said: “Shutting down affected systems is a standard and crucial step in managing a significant cyber incident. Isolating compromised systems limits the attacker’s ability to move laterally within the network and infect other critical infrastructure.
“This move also helps to contain the damage, as shutting down systems can prevent further data encryption, exfiltration, or corruption. Drawing operations to a halt also allows cybersecurity experts to safely analyse the affected systems, identify the root cause, and implement necessary fixes without the risk of further interference.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.