The bank holiday weekend saw continuing disruption from a series of cyber attacks on the UK retail sector that have unfolded over the past fortnight, with gaps appearing on shelves at Marks and Spencer (M&S) and Co-op.

The attacks, which began over the Easter weekend, have been claimed by representatives of the DragonForce ransomware-as-a-service (RaaS) operation. They were first linked to Scattered Spider and The Com, two overlapping English-speaking hacking collectives, acting as a DragonForce affiliate.

In a further update over the weekend, Co-op CEO Shirine Khoury-Haq told customers via email that the cyber criminals behind the attack were “highly sophisticated” and that managing its severity meant multiple services must remain suspended.

Khoury-Haq reiterated that customer data has been impacted in the attack. “This is obviously extremely distressing for our colleagues and members, and I am very sorry this happened. We recognise the importance of data protection and take our obligations to you and our regulators seriously, particularly as a member-owned organisation,” she said.

The impacted data on Co-op members appears to include names, dates of birth and contact information, but not passwords, financial details, or any information on members’ shopping habits or other interactions with the organisation.

DragonForce, the white-label ransomware-as-a-service group claiming responsibility for all three attacks, had previously shared a sample of this data on about 10,000 Co-op members with the BBC and told reporters that other UK retailers were on a blacklist.

Meanwhile, M&S insiders – speaking to Sky News – revealed how IT staff have been forced to sleep over in the office amid the chaos. The employees described how a lack of planning for such a scenario had led to chaos within M&S, and said it could be a significant length of time before things start to return to normal.

The National Cyber Security Centre’s (NCSC) Jonathan Ellison and Ollie Whitehouse, director of national resilience and chief technology officer respectively, said: “The NCSC is working with organisations affected by the recent incidents to understand the nature of the attacks and to minimise the harm done by them, and providing advice to the wider sector and economy.

“Whilst we have insights, we are not yet in a position to say if these attacks are linked, if this is a concerted campaign by a single actor, or whether there is no link between them at all. We are working with the victims and law enforcement colleagues to ascertain that,” they said.

“We are also sharing what we know with the companies involved and the wider sector – through our sector-focused Trust Groups run by the NCSC – and encouraging companies to share their experiences and mitigations with each other,” added Ellison and Whitehouse.