All Co-Op’s 6.5 Million Members Had Details Stolen in Cyber Attack, Boss Confirms
The Co-op's CEO, Shirine Khoury-Haq, has confirmed that all 6.5 million members of the retail and funeral care group had their details stolen in a major cyber attack earlier this year. The revelation comes as the company is still dealing with the fallout from the incident, which saw hackers access and extract members' personal data.
Ms Khoury-Haq apologized to its members and expressed her devastation at the attack, stating that "names, addresses and contact information" for all of its members were accessed. She told BBC Breakfast that while a lot of the information was already available in the public domain, many people would still be worried and concerned about their data being compromised.
The Co-op had shut off parts of its IT systems after the attack, which resulted in issues with payments and empty shelves in some stores. The incident was just one of several high-profile cyber attacks on retailers in recent months, including a notable breach at rival Marks & Spencer around Easter.
Ms Khoury-Haq explained that the hackers had created a copy of one of the firm's files but were unable to attack its platforms further and install planned ransomware. However, this meant that shutting down the company's systems was necessary to stop the cyber criminals in their tracks.
"Unfortunately by the time we had done that, they had made a copy of one of our files, but we did block them from doing anything else," she said. "It meant shutting down our systems quite dramatically. The good news was that we managed to keep our front lines open - our stores and funeral homes stayed open, but the impact on colleagues, the impact on our stores, our members, was significant."
Last week, the National Crime Agency announced that four young people had been arrested in connection with the cyber attacks against the Co-op, M&S, and Harrods. The news comes as the Co-Op has announced a partnership with social impact business The Hacking Games to help fight cybercrime.
A Partnership to Prevent Cybercrime
The Co-op's partnership with The Hacking Games aims to prevent cybercrime by identifying young cyber talent and channelling their skills into positive, ethical careers. The company says that cyber threats are evolving at an "alarming" rate, highlighting the need for skilled cybersecurity professionals.
Shirine Khoury-Haq said: "We know first-hand what it feels like to be targeted by cybercrime. The disruption it causes, the pressure it puts on colleagues, and the impact it has on the people and communities we serve. We can't just stand back and hope it doesn't happen again - to us or to others. Our members expect us to find a co-operative means of tackling the cause, not just the symptom."
Co-founder of The Hacking Games, Fergus Hay, added: "There is an incredible amount of cyber talent out there - but many young people don't see a path into the industry, or simply don't realise their skills can be used for good. This partnership with Co-op will help unlock that potential. It's about giving people the opportunity to do something positive, showing that their talents are valued and creating a generation of ethical hackers to make the world safer."
Security minister Dan Jarvis also weighed in on the issue, stating: "Cybercrime destroys lives. The criminals carrying out these acts put the public and the economy at risk, and that's why we're continuing to take the decisive action necessary to keep UK jobs and businesses safe."