carloscastilla - Fotolia

News

Retail cyber attacks hit food distributor Peter Green Chilled

Cold chain services provider Peter Green Chilled, which supplies the likes of Aldi, Sainsbury’s and Tesco, has been forced to halt operations after succumbing to a ransomware attack

Alex Scroxton
By
Published: 20 May 2025 15:45

Peter Green Chilled, a major distributor of chilled and fresh products to British supermarkets, has reportedly fallen victim to a ransomware attack orchestrated by an as-yet unnamed cyber criminal operation, becoming the latest organisation in the British retail sector to be affected by a security incident.

Established as a haulage company working with Somerset dairy suppliers 60 years ago, Peter Green has grown into a little-known but well-established player in the nation’s cold chain – temperature-controlled warehousing and transport – sector, supplying the likes of Aldi, Sainsbury’s and Tesco among others. It is also a supplier of IT services including transport and warehouse management systems (T/WMS), electronic data interchange (EDI), stock and temperature control systems, and vehicle tracking and monitoring.

According to BBC Radio 5 Live’s Wake up to money programme – which was first to report the story – the attack appears to have begun on the evening of Wednesday 14 May and has left the organisation unable to accept new orders.

A spokesperson for Peter Green told the programme it was not in a position to be able to discuss the incident further. However, one of the organisation’s customers, The Black Farmer founder Wilfred Emmanuel-Jones, said that almost a week into the incident, he had been offered no solution for how Peter Green was going to get stock he had already delivered to its warehouses out to retailers.

“If they’re not delivered in the next couple of days, because they’re fresh products, they have to be thrown away,” said Emmanuel-Jones. “For a small business it is pretty devastating. To make matters even worse is that we’ve just also got a delivery that’s come in from Sweden that is stuck at a port because Peter Green is not taking in any other stock from any suppliers, so we have to try to find some way of getting it to the supermarkets.”

Emmanuel-Jones told the radio programme that his business could stand to lose up to £100,000, losses that would be hard for a small organisation to bear.

Computer Weekly reached out to Peter Green Chilled but found its email addresses non-responsive.

Link to M&S, Co-op attacks speculative

Absent further information from Peter Green, at the time of writing, any links to the ongoing DragonForce/Scattered Spider incidents affecting Marks and Spencer (M&S) and Co-op are unproven and merely speculative.

However, David Mound, senior penetration tester at third-party risk specialist SecurityScorecard, said the firm’s team was closely monitoring the “emerging pattern” of cyber attacks impacting food retailers.

He said that in drawing other household names into the fray, the developing Peter Green incident highlighted the fragility of interconnected digital supply chains, and was creating a cascading effect throughout the retail sector.

“These incidents reflect a growing trend among cyber criminal groups to exploit sectors where time sensitivity and perishability heighten pressure to restore operations, increasing the likelihood of ransom payments,” said Mound. “In food retail, even short-term disruption can lead to spoilage, logistical bottlenecks and loss of consumer trust.

“Attackers are no longer just targeting data; they’re targeting urgency,” he said. “In environments where product expiration and just-in-time delivery are business-critical, threat actors understand that every hour offline amplifies the pressure to pay.

“Many critical logistics and IT providers are insufficiently risk-tiered or assessed,” added Mound. “There is an urgent need for sector-wide collaboration on third-party risk intelligence and resilience standards.

“SecurityScorecard urges all organisations in the food and retail sectors to re-evaluate their third-party risk posture and ensure suppliers are assessed not only for compliance, but for operational resilience under duress.”

Timeline: UK retail cyber attacks

  • 22 April 2025: A cyber attack at M&S has caused significant disruption to customers, leaving them unable to make contactless payments or use click-and-collect services.
  • 24 April: M&S is still unable to provide contactless payment or click-and-collect services amid a cyber attack that it says has forced it to move a number of processes offline to safeguard its customers, staff and business.
  • 25 April: M&S shuts down online sales as it works to contain and mitigate a severe cyber attack on its systems.
  • 29 April: The infamous Scattered Spider hacking collective may have been behind the ongoing cyber attack on M&S that has crippled systems at the retailer and left its ecommerce operation in disarray.
  • 30 April: A developing cyber incident at Co-op has forced the retailer to pull the plug on some of its IT systems as it works to contain the attack.
  • 1 May: Co-op tells staff to stop using their VPNs and be wary that their communications channels may be being monitored, as a cyber attack on the organisation continues to develop.
  • 1 May: Harrods confirms it is the latest UK retailer to experience a cyber attack, shutting off a number of systems in an attempt to lessen the impact.
  • 2 May: The National Cyber Security Centre confirms it is providing assistance to M&S, Co-op and Harrods as concerns grow among UK retailers.
  • 7 May: No end is yet in sight for UK retailers subjected to apparent ransomware attacks.
  • 13 May: M&S is instructing all of its customers to change their account passwords after a significant amount of data was stolen in a DragonForce ransomware attack.
  • 14 May: Google’s threat intel analysts are aware of a number of in-progress cyber attacks against US retailers linked to the same Scattered Spider gang that supposedly attacked M&S and Co-op in the UK.

Read more on Data breach incident management and recovery