Co-op cyber attack: Islanders facing empty shelves say 'get the people fed'
Islay isn't the obvious location for the frontline of cyber crime but the picturesque island famous for its wildlife and whisky distilleries is dealing with the real world impacts of the major supermarket hack.The targeting of retailers including Marks and Spencer and Co-op has led to sporadic empty shelves across UK stores as the companies slowed deliveries and shut down parts of their IT systems in response to cyber attacks.In most places, disappointed customers at least have the option of visiting other supermarkets to pick up supplies. But communities across Scotland's Western Isles generally don't have that luxury.In this part of the country, Co-op is often the only large store, with some smaller independent retailers operating.
No fresh food
"The Co-op is so important here," said Brian Palmer, editor of local newspaper, The Ileach."We don't think because we live here that we should have every convenience you get on the mainland but I think a lack of food is probably stretching it a wee bit."No one is starving as a result of shortages but there is clear frustration with the lack of fresh food available.Staff at the Bowmore Co-op said the last full delivery was at the start of May. There have since been smaller deliveries, but not of what is required.The first aisle of the shop usually stocked with chilled meat, fruit and vegetables was almost completely bare on Friday afternoon. As was the bread section shortly after a morning delivery."It's easy to shop when there's nothing to pick from," one customer joked as they left the store.A Co-op worker said they had dealt with red weather warnings and covid but "no one understands a cyber attack."
The company told the BBC last week that the attack on its systems meant store deliveries had been hit and the hack had resulted in "significant" amounts of customer data being stolen.Co-op said "remote lifeline stores" will receive extra deliveries soon.A "spokesperson said: "We take our responsibility to our Scottish island stores and communities very seriously."As a result of the Cyber-attack, and the steps we took to keep our systems safe, we currently have a temporary contingency stock ordering and delivery process, where we have prioritised the quantity of stock and deliveries to these lifeline stores."From Monday, 12 of the most remote lifeline stores will receive treble the volume of available product, and another 20 lifeline stores will get double the volume."We would like to thank all members, customers and our amazing store colleagues for their support and goodwill through this time.
'Get the people fed'
Construction business manager Donald Gillies said he's been unable to provide a good lunch for his site workers in port Ellen throughout the last week.Asked if enough was being done to deliver food he said: "That's tosh (rubbish).""It's poor, it's really poor. Something has gone wrong in the IT system and like everything else in society it's all computer-driven and no one can make a bloomin' decision to send food over."Get the people fed."
When will disruption end?
Jude McCorry, chief executive of the Cyber and Fraud Centre based in Edinburgh, said it can take along time for companies to fully recover from cyber attacks."Even companies we don't think of as tech firms rely heavily on complex systems that take time to recover," she said,"We know from past experience that some cyber attacks are debilitating for months."I'm not saying there'll be this level of disruption for weeks and months, but it can take a long time for organisations to get back to the way they were before an attack."On Islay, people are full of praise for the local Co-op workers, they know it's not a local issue.
Sheena MacKellar from Islay Gaelic Centre took aim at the group behind the hack."These people are selfish. They are affecting the wrong people."We're hard working honest people and we're the ones who are suffering and having to work round it."But we're islanders, we're made of stronger stuff."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Guardian
an hour ago
- The Guardian
Hit by a cyber-attack? Seven ways to protect yourself
Almost every week seems to bring news of a cyber-attack on a company, or organisation, and fears over what personal data the hackers have managed to get hold of. Last month, the footwear and sports apparel company Adidas revealed that some of its customers' personal information had been stolen, although it said passwords, credit card and other payment data were not compromised. In another incident, the personal data of hundreds of thousands of legal aid applicants in England and Wales dating back to 2010 was accessed. And these came hard on the heels of cyber-attacks that caused huge disruption at Marks & Spencer and the Co-op. If a news story emerges about a cyber incident, and it is a company or organisation that you use, or have used in the past, keep an eye out for an email from it. Affected companies will usually contact customers to give them more information about what happened and what they should do. Sometimes it will be a certain category of customer who has had their data stolen, or only people in certain countries. In the case of Adidas, it appears to be those who have contacted the customer service helpdesk in the past, which will rule out a lot of people. Sometimes, the email will bring good news and say you are not one of those affected. If your data has potentially been accessed, there will usually be some information on action you should take, or a link to a 'frequently asked questions' page. In some cases, you may be offered free access to a support service run by a cybersecurity company, or credit reference agency. If you have had any dealings with a company or organisation that has suffered a cyber-attack, change the password you use for that website, or app, immediately. Always make sure you have strong passwords, and do not use the same one on more than one account. The general advice is make each password at least 12 characters long and use a combination of numbers, upper- and lower-case letters, and symbols. Avoid things that are easily guessed or can be found online, such as your pet's name, your birthday or favourite sports team. 'A good way to make your password difficult to crack is by combining three random words to create one,' says the UK's National Cyber Security Centre. It gives as an example something like Hippo!PizzaRocket1. 'Consider using a password manager to generate and store strong, unique passwords,' says the online security company NordVPN. Two-step authentication is something you can set up for your email and other important online accounts to add an extra layer of security. It involves providing something that only you should have access to – typically it will be code generated by an authenticator app or sent to your phone you have registered with the organisation. Turn two-step authentication on for every service that offers it. Phishing emails used by fraudsters will often reference a cyber-attack that has been in the news to try to hook people in who are customers or users of that company or organisation. Sometimes fraudsters will have personal information which they obtained via an incident, or other means, which can make them sound more authentic. Do not click on a link or attachment in an email, text message or social media post unless you are absolutely sure it is legitimate. It could take you to a fake website or contain malware designed to steal your personal information. M&S has told potentially affected customers that 'you might receive emails, calls or texts claiming to be from M&S when they are not, so do be cautious'. It added: 'Remember that we will never contact you and ask you to provide us with personal account information, like usernames, and we will never ask you to give us your password.' If someone says they are from a company or organisation you use, and you cannot be 100% sure who you are dealing with, ignore the email, or hang up and find the official contact details if you want to check with it. If your personal data has been stolen, it is worth keeping tabs on your credit record (the detailed file of your financial history used by lenders to assess your creditworthiness) in case fraudsters attempt to take out loans or other products in your name. For example, if your employer has been hit by a cyber-attack, the data that may have been accessed could include your name, address, national insurance number, date of birth, bank account, salary and, sometimes, identity documents such as your passport. There is the potential for this type of information to be combined and used to commit identity fraud. The UK's main credit reference agencies are Equifax, Experian and TransUnion, and you can access your credit report in different ways – some free, some paid-for. Credit Karma and ClearScore offer access to your credit report free for life. Experian offers Identity Plus, which will monitor your personal, financial and credit information and alert you if it detects any suspicious activity. It is a paid-for service, but the cost may be covered for you by an organisation if data you hold with it has been stolen. If you are turned down for a financial product, such as a credit card or loan, despite having a good credit rating, or you stop receiving statements from your bank for no reason, it could be a sign someone has been using your identity. Other, more obvious signs are if you start to get letters relating to debts that are not yours, or your bank statement mentions an item you have not bought. Most financial and shopping scams start on social media and tech platforms, say banks. Again, be wary, as fraudsters may have obtained details about you that they can use to convince you that you are having a conversation with someone you know. There has been a rise in recent years in so-called 'Hi Mum' scams, in which fraudsters pose as loved ones on services such as WhatsApp. Someone might get in touch pretending to be a family member and saying they need cash quickly to pay a bill because they have been locked out of their online banking after getting a new phone. Do not rush into transferring money, even if you are told it is urgent. Take time and check that you are really in touch with a relative or friend. When shopping online, retailers often offer to store your payment card details for a faster checkout next time (sometimes you have to untick a box to prevent this from happening automatically). In some cases, by agreeing to this, you are giving permission for your details to be stored by a third party rather than the company you are buying from. There is less chance someone will be able to fraudulently obtain your card details if you do not allow them to be stored on more retailers' systems than is necessary – even if it means it takes slightly longer to buy your items next time you use the site.
Daily Mail
3 hours ago
- Daily Mail
Major hack exposes 86 million AT&T customer records with Social Security numbers... see if you're at risk
A massive breach of personal data from more than 86 million AT&T customers has been leaked on the dark web, with fully decrypted Social Security numbers included. The stolen data was posted to a Russian cybercrime forum on June 3. The files contain full names, birthdates, phone numbers, email addresses, home addresses, and 44 million Social Security Numbers in plain text. The breach appears linked to a large-scale cyberattack that exploited vulnerabilities in Snowflake, a US-based cloud storage platform used by major companies to manage sensitive data. Hackers reportedly accessed AT&T's data by infiltrating accounts that lacked multi-factor authentication, a basic security feature that requires more than a password to log in. To check if your data was exposed in the breach, visit the cybersecurity firm's website at Enter your information to see if any of your accounts were affected. Security researchers are urging customers to monitor their credit reports and take immediate steps to protect themselves. Law enforcement is actively investigating. The files are being widely shared across cybercrime forums, repackaged into three cleanly formatted CSV files that make them easier to access and exploit. AT&T said the hack impacted 86 million former and current customers. It said the Russian hacking group ShinyHunters was behind the breach. Around 73m customers included in the hack had their data originally stolen in 2019 and were notified at the time. However, the group appears to have accessed more records since then. 'After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web,' said AT&T in a statement. 'Affected customers were notified at that time. We have notified law enforcement of this latest development,' the spokesperson added. Cybersecurity researchers at Hackread, who first analyzed the files, found matching customer names, email addresses, physical addresses, and phone numbers across both the previous leak and the latest dataset. Security researchers are urging customers to monitor their credit reports and take immediate steps to protect themselves. Law enforcement is actively investigating ShinyHunters, the group linked to both AT&T breaches, is also behind the recent Ticketmaster breach that compromised data on 560 million people. Their growing list of high-profile leaks has prompted US lawmakers to demand answers. Senators Richard Blumenthal (Connecticut) and Josh Hawley (Missouri) have called on both AT&T and Snowflake to explain repeated failures to protect customer data. Experts say the exposure of decrypted SSNs and birthdates is especially damaging, as it enables criminals to open credit lines, impersonate victims, or apply for government services using stolen identities. 'The original breach of sensitive records from AT&T was enough to worry their customers, now it poses a significant risk to their identities,' said Thomas Richards, Infrastructure Security Practice Director at Black Duck. AT&T paid a $370,000 ransom last year, in an attempt to have stolen customer data deleted. The payment, made in Bitcoin, was routed through an intermediary known as 'Reddington.' AT&T reportedly received a video showing the files being deleted, but experts say there's no way to confirm the data wasn't copied or shared before that.
Daily Mail
8 hours ago
- Daily Mail
British Horseracing Authority is hit by CYBER ATTACK with staff told to stay away from work as governing body is latest to fall victim to hackers
The British Horseracing Authority (BHA) has been rocked after it became the latest major organisation to fall victim to a cyberattack. Staff have been told to stay away from Southampton, buildings in Holborn — their central London headquarters — and work remotely while investigations are conducted. It is understood that the attack happened at the end of last week and there is no timescale on how long it will take their systems to be returned to normal. The incident has not threatened to stop meetings being staged at courses and no disruption to the fixture list is envisaged at this stage. The incident currently appears to be limited to the BHA's internal systems and data. Still, given the sensitive information the BHA holds, it is a hugely significant event and racing's governing body joins the International Association of Athletics Federations (2017) and FIFA (2018) in being targeted by hackers. Retail giant Marks & Spencer are still feeling the ramifications of an attack at Easter. In a statement, a BHA spokesperson said: 'We recently identified and began investigating an IT incident. We are working at pace with external specialists to determine what happened in more detail and safely restore our systems.
