Retailer Co-op: Attackers Snatched All 6.5 Million Member Records
The Co-op Group, a UK-based supermarket chain, has confirmed that all 6.5 million of its members had their data stolen during a cyberattack in April. The attack, believed to be carried out by the group Scattered Spider, targeted the member file, but was thwarted before the attackers could deploy ransomware.
The Co-op's chief executive officer, Shirine Khoury-Haq, confirmed the scale of the attack on Wednesday during an appearance on the BBC Breakfast show. She stated that while the data stolen was mostly personal information, such as names and contact details, no financial or transaction data was affected.
"Honestly, I'm devastated that information was taken," Khoury-Haq said, adding that she is also "devastated" by the impact on her colleagues who worked to contain the attack. She praised their efforts, saying, "I will never forget the looks on their faces trying to fight off these criminals and protect our members' data."
A White Hat Education Scheme Announced
The Co-op has announced a partnership with The Hacking Games, a social impact business that aims to identify neurodiverse youth who may be vulnerable to drifting into cybercrime. The program will provide initiatives for students at Co-op-branded schools, inspiring them to pursue a career in ethical cybersecurity.
The partnership is part of the Co-op's long-term ambition to expand this effort into the wider education system. Cybersecurity consultant Greg Francis, who works with 4D Cyber Security Ltd and has experience as a former SOCA and NCA cybercrime investigator, praised the initiative. "There's a vital role for stakeholders – from parents and educators to search engines, gaming platforms, and the cybersecurity industry – to embrace their digital responsibility and help young people make informed choices."
Investigation and Arrests
The National Crime Agency (NCA) arrested four individuals aged between 17 and 20 as part of its investigation into the attacks on British retail companies. The suspects were released on bail pending further investigations, but none had been charged at this stage.
Senior minister Pat McFadden spoke to a parliamentary joint committee about the recently announced National Security Strategy, emphasizing the importance of robust protections in place for critical infrastructure providers such as supermarkets.
A Wake-Up Call
McFadden said that the costly attacks on retailers should serve as a wake-up call for both government and other organizations. He added, "I think that supermarkets have very robust food distribution systems... I don't want to alarm the public here, but I would say those attacks did show the importance of strong cybersecurity."
The minister also emphasized the need for discussion on incentivization among critical infrastructure providers, including banking, energy, and food distribution. He stated, "I think if you look at the experience of what has happened in the last couple of months, boards will be very conscious of the danger of this, seeing what it has done to a couple of Great British companies and household names in recent months."