Co-op instructs staff to keep cameras on amid cyber attacks

Co-op has instructed staff to keep their cameras on during remote work meetings, as a way to verify all attendees following a cyber attack at the group, the BBC has reported.  

An internal email was sent to the 70,000 employees of the supermarket, funeral service, and insurance group, urging them to remain vigilant while IT departments work to secure their systems against potential hacker intrusions.

The news comes after Co-op had to shut down parts of its IT systems on Wednesday (30 April) in response to hackers’ attempts to gain access. 

While M&S has also recently been targeted by hackers, it is currently unknown whether the two cases are linked. 

On Wednesday, Co-op revealed that the attack had had a “small impact” on its call centre and back office operatings, and as a result, was taking “proactive measures”. 

However, the latest report of the internal email to staff suggests that Co-op has shut off all remote access. 

Remote access to internal applications requiring a VPN is currently unavailable from home, and Co-op told employees needing access to work tools to visit a Co-op location. Additionally, staff have been reminded not to share sensitive information in Teams chats and to promptly report any suspicious messages or emails.

The Co-op maintains that the cyber attack is contained and emphasised that all implemented security protocols are “proactive”.

A spokesperson for Co-op told Retail Sector: “We have recently experienced attempts to gain unauthorised access to some of our systems. As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.

“All our stores (including quick commerce operations) and funeral homes are trading as usual. We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.”

“We are not asking our members or customers to do anything differently at this point. We will continue to provide updates as necessary.”

The Metropolitan Police has verified that they are investigating the cyber attack on M&S. Additionally, M&S has notified the National Cyber Security Centre (NCSC) regarding the incident.

Richard Horne, chief executive of the NCSC, added: “The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.

“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.”