Co-op’s chief executive has confirmed that Hackers stole the personal data of all 6.5 million Co-op members in an April cyberattack.
The breach exposed names, addresses, and contact details, but no financial data. Co-op says it shut down its systems just in time to block a ransomware attack, though the incident still caused widespread disruption.
CEO Shirine Khoury-Haq called the attack “devastating” and praised IT staff for acting swiftly. The group behind the attack is believed to be ‘Scattered Spider’, a known cybercrime gang that uses social engineering to access internal systems.
Four suspects aged 17 to 20 were arrested and bailed earlier this month in connection with the attacks on Co-op and other UK retailers.
In response, Co-op has partnered with The Hacking Games to help guide young cyber talent into ethical careers, starting with a pilot across its academy schools.
To reduce risk, businesses should train staff to recognise impersonation tactics, restrict internal access, and ensure systems can be swiftly isolated in the event of an attack.