MANCHESTER/LONDON — The Co‑operative Group confirmed today that hackers stole personal data belonging to all 6.5 million of its UK members during a “highly sophisticated” cyberattack earlier this year. The incident forced a temporary shutdown of several IT systems in April and has since prompted arrests and a strategic overhaul of the retailer’s cybersecurity posture.
Data Exfiltrated, Ransomware Averted
According to CEO Shirine Khoury‑Haq, hackers accessed and copied membership data—a trove that included names, addresses, and contact details—before being detected and shut out. “As soon as we knew what had been taken, we informed our members,” Khoury‑Haq told BBC Breakfast, expressing her devastation and apologising to customers .
While attackers were blocked from deploying ransomware or further penetrating platforms, the breach had tangible effects: some card machines failed, store inventory systems faltered, and shoppers encountered empty shelves during the shutdown . The Co‑op managed to keep its outlets—and funeral-care services—operational throughout the disruption.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Arrests Signal a Turning Point
British security authorities say four young suspects—three male teenagers and one female in their late teens—were arrested in connection with the intrusions at Co‑op, Marks & Spencer, and Harrods . The National Crime Agency also cited breaches linked to third-party IT providers, highlighting weak password and remote-access protocols as possible entry points .
In response, the Co‑op is launching a partnership with The Hacking Games to identify and mentor young cybersecurity talent, part of a broader effort to counter future threats .