The chief executive of Co-op has confirmed that all 6.5 million of its members had their personal data stolen in a devastating cyber-attack that hit the UK retailer in April.
In her first public interview since the breach, CEO Shirine Khoury-Haq expressed her devastation over the incident, which compromised names, addresses, and contact information of every member of the cooperative retailer.
Khoury-Haq told BBC Breakfast that she was “incredibly sorry” for the attack and described it as “personal” due to its impact on both members and employees.
“I’m devastated that information was taken. I’m also devastated by the impact that it took on our colleagues as well as they tried to contain all of this,” she said.
The CEO emphasized that while no financial or transaction data was compromised, the breach still represented a significant violation of member trust.
“It hurt my members, they took their data and it hurt our customers and that I do take personally,” Khoury-Haq stated.
She described meeting with IT staff during the crisis, noting she would “never forget the looks on their faces, trying to fight off these criminals”.
Despite successfully removing the hackers from their systems, Co-op was able to monitor the attackers’ activities and provide evidence to authorities.
However, Khoury-Haq acknowledged that “a lot of that information is out there anyway, but people will be worried and all members should be concerned”.
Connection with Retail Cyber-Attacks
The National Crime Agency (NCA) announced that four individuals arrested in connection with cyber-attacks on Co-op and Marks & Spencer (M&S) have been released on bail pending further inquiries.
The suspects include a 17-year-old British man from the West Midlands, a 19-year-old Latvian man from the West Midlands, a 19-year-old British man from London, and a 20-year-old British woman from Staffordshire.
All four were arrested from their home addresses on suspicion of blackmail, money laundering, offences under the Computer Misuse Act, and participating in organized crime activities. Police also seized electronic devices during the raids.
The attacks occurred in spring 2024, with Co-op initially announcing the breach on April 30, describing it as having only a “small impact” on call centre and back office operations.
However, the scope of the breach became clearer when BBC News revealed that both customer and employee data had been accessed after being contacted by the alleged hackers.
Broader Impact and Prevention Efforts
Co-op was one of three major retailers targeted in the spring cyber-attacks, alongside M&S and Harrods.
M&S also suffered customer data theft and continues to recover from system disruptions that have cost millions of pounds.
In response to the breach, Co-op has partnered with cyber-security recruitment company The Hacking Games to identify young talent and channel their skills into legitimate careers.
“The research shows that if you offer these kids talent development opportunities and career opportunities, the vast majority of them will take the legitimate pathway,” said The Hacking Games CEO Fergus Hay.
The company is planning a pilot programme with Co-op Academies Trust, which operates 38 schools across England, as part of broader efforts to prevent future cyber-attacks by redirecting potential hackers toward legal career paths.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
