The chief executive of U.K. retail conglomerate the Co-op on Wednesday said that hackers had stolen the personal data of all of the company’s customers during an April cyberattack.
Co-op Group CEO Shirine Khoury-Haq told BBC News that the hackers copied the company’s member list of 6.5 million members, but that the Co-op shut down its network before the hackers could lock up its systems with ransomware.
The members’ data includes names, addresses, and contact information.
The retailer’s network shutdown subsequently resulted in widespread internal disruption across its U.K. back offices and grocery stores.
The breach at the Co-op in April was part of a broader hacking campaign targeting the U.K. retail sector, which also saw the theft of an unspecified amount of customer data from Marks & Spencer and an attempted cyberattack on Harrods. The cyberattacks were attributed to Scattered Spider, a collective of mostly young hackers that use deception tactics to trick companies’ IT helpdesks into granting them access to their network.
Earlier in July, U.K. authorities arrested four people for allegedly having links to the retail cyberattacks, including a 20-year-old woman, two men aged 19, and a youth aged 17. The four are accused of hacking, blackmail, and participating as a member of an organized crime group.
Since the cyberattacks, the hackers reportedly moved on to target the airline and transportation industry, as well as insurance companies — sectors that store vast amounts of consumers’ data.
It’s not known how much the breach at the Co-op will cost it. According to one retail industry news outlet, the Co-op did not have cybersecurity insurance at the time of the hack, which could result in the company incurring heavy financial costs.
Techcrunch event
San Francisco
|
October 27-29, 2025
