The Co-op has issued a formal apology after confirming that cybercriminals accessed and extracted personal information from a large number of its members. The breach, which affected data such as names and contact details, comes amid a string of recent cyber attacks targeting major UK retailers, including Harrods and Marks & Spencer.
In a statement released on Friday, the Co-op revealed it has been battling “sustained malicious attempts” to infiltrate its IT systems, prompting it to shut down parts of its infrastructure earlier this week as a precautionary measure. The retailer confirmed that the hackers managed to access data belonging to both current and former members of the Co-op Group.
A spokesperson for the Co-op said: “As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems. This data includes Co-op Group members’ personal information such as names and contact details. Importantly, the data did not include passwords, bank or credit card details, transactional records, or any information regarding members’ or customers’ products or services with the Co-op Group.”
The retailer, which operates over 2,000 food stores and 800 funeral homes across the UK, assured customers that its front-line operations remain unaffected. However, it acknowledged that internal systems, including its back office and customer call centres, have been disrupted.
The Co-op added: “We have implemented robust measures to prevent further unauthorised access to our systems while doing our utmost to minimise disruption for our members, customers, colleagues, and partners. We appreciate that our members have placed their trust in us, and we are deeply sorry that this situation has arisen. Protecting the security of their data remains a top priority.”
The National Crime Agency (NCA) has launched an investigation into the cyber incidents and said it is working closely with law enforcement partners. A spokesperson for the agency commented: “We are aware of the recent cyber incidents affecting the retail sector and are working closely with our law enforcement partners to investigate. We are considering the incidents individually, however, we are mindful they may be linked and therefore this will remain under review.”
More Read
Marks & Spencer is still grappling with the fallout of a ransomware attack that has halted its ability to process online orders since last Friday, while Harrods also reported a security breach earlier this month. The spate of attacks has raised concerns across the retail sector, with calls for urgent improvements in cyber resilience.
Dr Richard Horne, CEO of the National Cyber Security Centre (NCSC), described the incidents as a “wake-up call” for businesses. He said: “The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers, and the public. The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.”
He added, “These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”
As the investigation continues, consumers are being advised to stay alert for any unusual communications and to report any suspicious activity to relevant authorities. The Co-op said it would continue updating members as more information becomes available.
