Federated Co-operatives, which provides procurement and distribution to member co-ops across Western Canada, has reported a cyberattack which took several of its systems out of operation.
In a post on its Facebook page, the co-op, which operates stores and gas stations, said: “Federated Co-operatives Limited is experiencing a cybersecurity incident. This is impacting some internal and customer-facing systems and could impact our current inventory of certain grocery items. We appreciate your patience and support as we work through this incident.
“To our valued co-op members, in response to questions regarding your data, Federated Co-operatives Limited has issued the following: ‘We have no evidence at this time that consumer data was compromised. If the investigation determines that consumer data was compromised, we will take appropriate action’.”
The co-op, which employs more than 23,000 people and posts annual revenues of more than CA$10bn, first warned of the attack on 27 June, saying it was affecting its stores and cardlock fuel stations.
Broadcaster CBC has reported supply problems at several Federated sites, with empty shelves and aisles running low on produce and dairy products at stores in Watrous and Warman, Saskatoon. Bread, frozen goods, fruits, dairy items and fresh produce were reported to be in short supply at some stores.
It said signage was posted above shelves, warning of “unforeseen IT disruption” and “temporary shortages in product supply”.
By Friday, 28 June, the co-op reported that a number of Co-op Cardlocks had been opened for the purchase of clear fuel products as it continued to work on the problem.
Cybercrime is an increasingly serious concern for businesses. Recent incidents affecting the co-op sector include a ransomware attack in January against Coop Sweden and a hit on a third party provider that compromised systems at 60 US credit unions last December.
And on 29 June, Patelco Credit Union, which operates across the Bay Area and Northern California in the US, reported a ransomware attack that saw nearly half a million members lose access to banking services.
It announced announced on social media that services including online banking, mobile app, direct deposits, transfers, and debit and credit card transactions were unavailable.
President and CEO Erin Mendez told members in an email that the credit union is working with cybersecurity experts to assess the situation and restore services, but could not give an estimated time for restoration.
In an email on 1 July, a Patelco spokesperson added that the ransomware attack had required it “to proactively shut down some of our day-to-day banking systems in order to contain and remediate the issue”.
The credit union – the 27th largest in the US with US$9.8bn in assets and 455,000 members – tweeted: “Our teams are still working to resolve the outage. Currently electronic transactions such as transfers, payments, balance inquiries, payments are unavailable. Patelco branches, call center and Live Chat will be open and ready to assist as much as they can during our regular business hours starting tomorrow, Monday July 1. We anticipate longer than normal wait times and truly appreciate your patience.
“We’ll answer your questions as best we can, but we cannot provide specific information on your accounts at this time. We will provide further updates as information becomes available. We know this situation is concerning, and we are committed to keeping you informed as the investigation continues.
Members can still access cash from ATMs, and the credit unions branches and call center are open and operating regular business hours, although with longer wait times. Employees will not be able to access individual account details during the outage.
Another co-op affected by a cyberattack in recent days is Canadian dairy giant Agropur, although the impact was limited to part of its shared online directory and did not affect transactional systems.
“The continuity of our operations was not affected. We confirm that some of our employees and stakeholders have been affected by this incident,” said spokesperson Guillaume Bérubé in an email.
Those affected by the attack have been informed, he added, and “measures have been taken to mitigate the impact of the incident and enhance data protection.”
Agropur – owned by more than 3,000 dairy farmers, with gross sales of CA$8.2bn in 2023, says it is investigating the nature and scope of the incident with external cybersecurity experts and is in contact with law enforcement.