Peter Green Chilled ransomware attack hits Tesco, Sainsbury’s and M&S supply chains

A ransomware attack on Peter Green Chilled, one of the UK’s most critical cold chain logistics providers, has brought significant disruption to supermarket distribution networks, drawing attention to the mounting cybersecurity threats facing the country’s retail and food logistics sectors. The breach, confirmed in mid-May 2025, has halted the company’s core order management systems, directly impacting key retail clients such as Tesco PLC, Sainsbury’s PLC, Marks & Spencer Group plc, and Aldi.

Based in Somerset, Peter Green Chilled specialises in temperature-controlled warehousing and the nationwide distribution of chilled and frozen goods. Its suspension of order processing following the cyberattack has put immense pressure on the availability of perishable products across UK retail shelves, particularly in meat, dairy, and prepared food categories. While transport operations continued for a limited time with existing loads, no new orders were being accepted—a development that has sent shockwaves across the country’s food supply ecosystem.

Why Did Peter Green Chilled’s Systems Go Offline?

The cyberattack has been confirmed as a ransomware intrusion—an increasingly common form of cybercrime in which malicious actors encrypt a company’s data and demand payment for decryption keys. Peter Green Chilled has not disclosed whether a ransom was demanded or paid, but internal sources suggest that attackers targeted its enterprise resource planning (ERP) and order fulfilment modules, effectively shutting down its ability to coordinate warehouse inventory and transport dispatches.

Industry cybersecurity experts said that the timing of the attack, close to major seasonal restocking cycles for supermarkets, may have been deliberate. This tactic is designed to inflict maximum disruption and increase the likelihood of a payout. The National Cyber Security Centre (NCSC) is now investigating the incident alongside private forensic IT specialists.

How Did the Attack Impact Supermarket Supply Chains?

Retailers that depend on Peter Green Chilled for consistent and compliant cold chain distribution have already begun facing delayed deliveries and threatened stock availability. The Black Farmer, one of the UK’s prominent food producers, reported that up to ten pallets of fresh meat products were stranded and at risk of spoilage. Founder Wilfred Emmanuel-Jones publicly criticised the lack of information and transparency during the outage, which he said had already resulted in financial and reputational damage.

With no immediate alternative logistics partners equipped to replicate Peter Green Chilled’s chilled distribution infrastructure at scale, supermarkets have been forced to either delay orders or partially fulfil chilled category requirements through other routes—an inefficient and costly workaround. While no formal customer warnings have been issued by major retailers, early signs of reduced stock in chilled goods sections have been noted in certain regional outlets.

How Important Is Peter Green Chilled to UK Food Logistics?

Founded over three decades ago, Peter Green Chilled is among a handful of logistics firms in the UK specialising exclusively in temperature-sensitive food transport. With facilities across the Southwest and a growing fleet of refrigerated vehicles, the company plays a central role in managing the delicate cold chain that ensures freshness and food safety standards are maintained during transport from farms and processors to supermarket shelves.

The firm’s long-standing contracts with national retailers like Tesco, Sainsbury’s, and Marks & Spencer have made it an indispensable node in the UK’s just-in-time (JIT) logistics architecture. This attack, therefore, poses not just an operational risk but a systemic supply chain vulnerability that resonates across the broader retail ecosystem.

Has the UK Retail Sector Seen Similar Attacks?

This is not an isolated event. The UK’s retail and supply chain sectors have seen a dramatic escalation in ransomware incidents over the past 18 months. Most notably, Marks & Spencer revealed in early May 2025 that it had been the target of a sophisticated cyberattack, reportedly carried out by the Scattered Spider group, leading to an estimated £60 million in operational and data-related losses. That attack followed a similar breach at The Co-operative Group in 2024, which affected inventory systems and resulted in short-term customer data compromise.

Industry analysts believe that attackers are deliberately targeting sectors where downtime leads to quick, tangible losses—food, logistics, healthcare, and transportation—thereby pressuring victims into quick settlements. David Mound, a senior threat analyst at SecurityScorecard, commented that “attackers now focus on high-throughput, low-tolerance verticals where digital downtime equals financial pain.”

How Are Retailers and Authorities Responding to the Incident?

The National Cyber Security Centre and Department for Environment, Food & Rural Affairs (DEFRA) have jointly advised food logistics firms to conduct urgent audits of their cyber resilience. Recommendations include multi-factor authentication, encrypted offline backups, real-time anomaly detection systems, and more robust incident response playbooks.

As of May 21, Peter Green Chilled is gradually restoring systems with support from external IT specialists. The firm is expected to resume full order processing within two weeks, though backlogs and inventory imbalances are anticipated to persist into early June. Retail clients are also being advised to diversify logistics partners where feasible to avoid over-dependence.

Industry watchdogs have renewed calls for the government to classify key logistics firms as part of the UK’s critical infrastructure, which would mandate more stringent cybersecurity compliance and unlock access to emergency support frameworks.

How Has the Market Reacted to the Supply Chain Threat?

Though Peter Green Chilled is privately held, its entanglement with public companies means the impact has drawn institutional scrutiny. Marks & Spencer Group plc, already under pressure due to its own breach, has seen stagnant trading over the last week, with bearish sentiment increasing among hedge funds tracking cybersecurity exposure. Meanwhile, Tesco PLC and Sainsbury’s PLC stocks remained relatively stable but saw minor dips on higher-than-average volume on May 20, indicating a cautious investor outlook.

Sector rotation data suggests institutional flows are shifting toward cybersecurity stocks. Darktrace plc, the UK-based AI cybersecurity vendor, saw a 3.8% intraday gain on May 20, driven in part by the news. Analysts at Barclays noted an uptick in inflows into defensive and risk-mitigation verticals, with cybersecurity ETFs gaining traction among retail and institutional traders alike.

What’s Next for Cybersecurity in Cold Chain Logistics?

Analysts expect further investment in digital infrastructure from logistics providers that historically underinvested in cybersecurity due to thin margins and operational cost focus. There is also growing momentum for industry-wide collaborations, where larger retailers help fund or co-manage cybersecurity readiness across their supply chain partners.

From a policy perspective, momentum is building within Parliament for amendments to the National Security and Investment Act 2021 to extend “strategic asset” designations to cold chain logistics providers. This would offer both regulatory cover and a direct path to government assistance in the event of future ransomware events.

While the Peter Green Chilled ransomware attack has exposed painful gaps in resilience, it also marks a turning point in how the UK food and retail sectors must futureproof their operations against digital sabotage.