M&S and Co-op customers warned over common task after 20 million members targeted

M&S and Co-op customers warned over common task after 20 million members targetedMillions of Brits are being urged to take hefty precaution after hackers were able to gain access to several

supermarket giant's IT network, after reportedly posing as employeesCommentsMoneyLiam Gilliver Senior Reporter07:00, 12 May 2025Updated 08:31, 12 May 2025Hackers have sparked nationwide

chaos for M&S and the Co-op(Image: Anadolu Agency via Getty Images) Major cyberattacks targeting two popular UK retailers have sparked widespread chaos in recent weeks. It is believed

hackers, said to be part of a criminal group nicknamed 'DragonForce', posed as employees to gain access to the firms' network.

The assault resulted in the Co-operative and Marks & Spencer scrambling to keep up with online orders and stock availability, with some stores only being able to operate on a cash-only

basis. Confused customers flocked to social media, showing how swathes of shelves had been left empty, while warning signs on meal deal availability had also been erected in certain stores.

‌ "As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps," M&S stated on April 25. "Our product range

remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers."

‌READ MORE: UK energy bill chaos as thousands to be paid £66 compensationIt is believed 20 million past and present Co-op members have had their data stolen by hackers(Image: peter dazeley)

On May 2, a spokesperson for the Co-op revealed it was continuing to experience 'sustained malicious attempts by hackers to access' their systems. "This is a highly complex situation, which

we continue to investigate in conjunction with the NCSC and the NCA," it added.

"We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners. As a result of

ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems."

Article continues below It is widely reported that hackers managed to access data from 20 million past and current members of the Co-operative, while Marks & Spencer - which saw its shares

tank - has yet to disclose whether personal data was stolen at all. The Co-op has reassured customers that the stolen data only includes names and contact details - and not passwords or

financial information.

Experts say the series of cyberattacks expose the retail sector's 'critical vulnerability' and have been described as a 'wake up call' by Cabinet minister Pat McFadden, as he announced a

boost in cybersecurity investment. "What we have seen over the past couple of weeks should serve as a wake-up call for businesses and organisations up and down the UK, as if we needed one,

that cybersecurity is not a luxury but an absolute necessity," he added.

The series of attacks have been described as a 'wake-up call'(Image: Getty Images/iStockphoto)‌Get the best deals and tips from Mirror Money WHATSAPP GROUP : Get money news and top deals

straight to your phone by joining our Money WhatsApp group here. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don’t like

our community, you can check out any time you like. If you’re curious, you can read our Privacy Notice.

NEWSLETTER : Or sign up to the Mirror's Money newsletter here for all the best advice and shopping deals straight to your inbox.

If you're concerned about ransomware attacks, consumer brand Which? has warned against one common task you may not normally think twice about. "Don't download attachments you haven't been

expecting or click on links that are trying to persuade you to give away personal details," the brand said. "You can always contact a company directly if you want to check if a message is

genuine."

Article continues below The publication also advised only downloading software/apps from a 'trusted source' and making sure you look for 'reputable software manufacturers when deciding what

to download'. Updating your PC to the latest software will also help keep your security protection.

"Windows 10 and 11 allow you to turn on a setting that protects folders from unauthorised programs such as ransomware," Which? explained. "To turn it on, open the Windows Security app

(select the shield icon from your Taskbar – if you can't see it, click Show hidden icons, which looks like ^). Scroll down, select Ransomware protection and click Controlled folder access to

turn it on."

Do you have a story to share? Email us at [email protected] for a chance to be featured.