Co-Op Cyber Attack Results In Data Breach Affecting 6.5 Million Members

The Co-operative Group’s chief executive, Shirine Khoury-Haq, has apologised to its members after confirming that a recent cyber-attack led to the theft of the personal details of all 6.5 million of its members. Speaking publicly, she revealed that hackers accessed names, addresses, and contact information, although sensitive financial data such as credit card details and transaction records remain secure. The breach occurred in April, prompting widespread concern among customers and stakeholders.

Khoury-Haq expressed regret for the incident, acknowledging the distress caused to members and emphasising her personal commitment to addressing the fallout. Previously, the Co-op had stated that a “significant number” of members had been impacted, but it has now clarified that all members’ data was compromised. “It hurt my members, they took their data, and it hurt our customers, and that I do take personally,” Khoury-Haq remarked.

In response to the breach, the Co-op was forced to shut down parts of its IT systems. This disruption led to visible gaps on shelves in its grocery stores and left funeral parlours relying on paper-based systems to deliver services. Despite these operational challenges, the company believes many of its systems avoided significant damage due to detection protocols that identified suspicious activity within hours of the attempted infiltration.

Executives recently told MPs that the group had invested heavily in detection systems rather than cyber-insurance. As a result, they do not expect to recover the costs associated with the attack. The disruption highlights the growing cybersecurity challenges faced by retailers and service providers, especially as cybercrime targeting the sector becomes more frequent and sophisticated.

Investigations by the National Crime Agency and police are ongoing. Authorities have arrested four individuals, including three teenagers, at locations in the West Midlands, Staffordshire, and London. The primary suspect, a group of hackers known as Scattered Spider, is believed to be responsible for this attack and other recent incidents, including cyber-attacks on Marks & Spencer and Harrods, which occurred around the same time.

Customers concerned about the safety of their personal information have been advised to seek guidance from the Information Commissioner’s Office. With the rise in cyber-attacks on businesses, the incident at the Co-op serves as a stark reminder of the importance of robust cybersecurity measures to protect both organisations and their customers from potential threats.