# Co-op Boss Apologizes to 6.5 Million People Whose Data Was Stolen in Hack
The chief executive of Co-op, Shirine Khoury-Haq, has confirmed that all 6.5 million of its members had their data stolen in a cyber-attack on the retailer in April. In her first public interview since the hack, Ms. Khoury-Haq expressed her devastation at the breach and acknowledged the impact it had on her colleagues.
The cyber-attack occurred when hackers accessed names, addresses, and contact information from the Co-op's systems, but did not steal any financial data or transaction information.
Ms. Khoury-Haq described the scene as she met with IT staff early in the crisis: "I will never forget the looks on their faces, trying to fight off these criminals." She also expressed her personal connection to the attack, saying that it was "personal" to her because of the impact it had on her colleagues.
The hackers were removed from the systems, but not before they could access sensitive information. The Co-op was able to send this information to authorities, and Ms. Khoury-Haq acknowledged that some of the data may already be out in the wild.
"We know a lot of that information is out there anyway, but people will be worried and all members should be concerned," she said.
The Co-op has not yet disclosed the full extent of the cost of the hack, but it is still working to restore its back-end systems. In response to the breach, the company has partnered with a cyber-security recruitment company called The Hacking Games.
The Hacking Games identifies young talent and channels their skills into legal careers. "The research shows that if you offer these kids talent development opportunities and career opportunities, the vast majority of them will take the legitimate pathway," said its chief executive Fergus Hay.
The Co-op was one of three retailers, alongside Marks and Spencer (M&S) and Harrods, who were victims of cyber-attacks in spring this year. M&S also had customer data stolen, and is still getting its systems back to normal after huge disruption that has cost it millions of pounds.
Four people arrested in connection with the M&S and Co-op cyber-attacks have all been bailed pending further inquiries. The suspects were arrested by police investigating the cyber-attacks that caused havoc at M&S and the Co-op, and are suspected of blackmail, money laundering, and participating in the activities of an organised crime group.
The National Crime Agency (NCA) said on Wednesday that a 17-year-old British man from the West Midlands, a 19-year-old Latvian man from the West Midlands, a 19-year-old British man from London, and a 20-year-old British woman from Staffordshire were all bailed pending further inquiries.
The police also seized electronic devices from the properties of the suspects. The Co-op has not yet disclosed the full extent of the cost of the hack, but it is still working to restore its back-end systems.
In a statement, Ms. Khoury-Haq said: "I'm devastated that information was taken. It hurt my members, they took their data and it hurt our customers – that I do take personally." She also acknowledged the role of IT staff in containing the breach, saying: "Early on I met with our IT staff and they were in the midst of it."
"We know a lot of that information is out there anyway, but people will be worried and all members should be concerned," she added.