window.dotcom = window.dotcom || { cmd: [] }; window.dotcom.ads = window.dotcom.ads || { resolves: {enabled: [], getAdTag: []}, enabled: () => new Promise(r => window.dotcom.ads.resolves.enabled.push(r)), getAdTag: () => new Promise(r => window.dotcom.ads.resolves.getAdTag.push(r)) }; setTimeout(() => { if(window.dotcom.ads.resolves){ window.dotcom.ads.resolves.enabled.forEach(r => r(false)); window.dotcom.ads.resolves.getAdTag.forEach(r => r("")); window.dotcom.ads.enabled = () => new Promise(r => r(false)); window.dotcom.ads.getAdTag = () => new Promise(r => r("")); console.error("NGAS load timeout"); } }, 5000)
Skip to content

Customers complain as empty shelves continue at Co-op after hack

Liv McMahon & Tom Gerken
Technology reporters
John Walker Empty shelves in a Co-op storeJohn Walker
John Walker took this photo of empty shelves in a Co-op in Llanrwst, Conwy

Co-op customers have complained as stores are being left with empty shelves while the retailer battles with a major cyber attack disrupting deliveries of fresh stock.

The disruption comes after the company itted to the BBC on Friday the attack on its systems had resulted in "significant" amounts of customer data being stolen.

A Co-op spokesperson told the BBC deliveries to its stores were impacted by the "sustained malicious attempts by hackers to access our systems".

"We are working around the clock to reduce disruption and resume deliveries," they said.

Allow X content?

This article contains content provided by X. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read  and 
 before accepting. To view this content choose ‘accept and continue’.

"Some of our stores might not have all of their usual products available, and we would like to say sorry to our and customers if this is the case in their local store," they said.

Cyber criminals behind the attack claim to have the private information of 20 million people who signed up to Co-op's hip scheme, but the firm has not confirmed that number.

The company said in April it had seen 22% growth in its active hip base to reach 6.2 million-member owners in 2024.

It has told customers visiting its website that it believes only ' personal data such as names, details and dates of birth - not bank details, transaction information, or s - have been extracted.

If you have been affected by the ongoing issues, share your experiences by following this link.

Co-op also had issues with taking payments on Monday and Tuesday, with some shops only able to accept cash - something the firm says is now resolved.

A sign on a Co-op shop reading "Cash only, no card payments, sorry"
The retailer has also been experiencing payment problems

Shirine Khoury-Haq, chief executive of the Co-operative Group, apologised for the breach in a message to customers on Monday.

"This is obviously extremely distressing for our colleagues and , and I am very sorry this happened," she said.

"We recognise the importance of data protection and take our obligations to you and our regulators seriously, particularly as a member-owned organisation."

The attack on the Co-op was revealed only days after Marks and Spencer said it had been targeted by ransomware.

It suspended online orders and took down several services as it struggled to respond to the incident.

Meanwhile, Harrods said on Thursday it had been hit by attempted attacks from hackers.

The National Cyber Security Centre (NCSC) has warned that criminals launching cyber attacks at British retailers are impersonating IT help desks to break into organisations.