Co-op has revealed that hackers stole personal data of all its 6.5 million members in a cyber-attack that hit the retailer in April.
Shirine Khoury-Haq, Co-op’s CEO, confirmed the breach affecting members’ personal information, including names, addresses, and contact details. Financial or transaction data were not compromised.
The attack forced Co-op to take immediate action, disconnecting its systems to stop further damage. Although hackers were kicked out, the stolen data could not be erased, allowing the company to track their activity and assist authorities.
This breach is part of a wave of cyber-attacks targeting major UK retailers, alongside Marks & Spencer and Harrods. The National Crime Agency has arrested four suspects aged between 17 and 20 in connection with these incidents.
Co-op is still working to restore its back-end systems and has partnered with a cyber-security talent programme called The Hacking Games. The programme aims to guide young hackers towards ethical careers, with plans for a pilot in Co-op-run academies.
Khoury-Haq expressed deep regret, saying, “It hurt my members; they took their data, and that I do take personally.” She also shared how the attack heavily impacted her IT staff, describing the ordeal as “personal” for her.
