The CEO of the UK retail conglomerate said the hackers stole personal data from all of the company's customers during the April cyberattack, according to the cooperative co-op on Wednesday.
Co-op Group CEO Shirine Khoury-Haq told BBC News that hackers had copied a member list of 6.5 million members, but the co-op closed the network before the hackers locked the system with ransomware.
Member data includes name, address and contact information.
The shutdown of the retailer's network has since resulted in widespread internal disruption across UK back offices and grocery stores.
The cooperative violation in April was part of a broader hacking campaign targeting the UK retail sector, and also saw unspecified amounts of customer data theft from Marks & Spencer and attempted Harrods cyberattacks. The cyber attack was attributed to the escaped spider. Scattered spiders are mostly a group of young hackers to use the tactics of deception to trick corporate help desks into granting access to the network.
Earlier in July, British authorities arrested four people allegedly having links to retail cyberattacks, including a 20-year-old woman, two 19-year-old men and a 17-year-old youth.
Since the cyberattack, hackers reportedly targeted the airline and transportation industry, as well as sectors that store huge amounts of consumer data.
We don't know how much a cooperative violation will cost. According to one retail news outlet, the cooperative did not have cybersecurity insurance at the time of hacking, so the company could bear heavy financial costs.
TechCrunch Events
San Francisco | October 27-29, 2025