UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks

Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April. 

The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations in recent UK retail history. 

Key Takeaways
1. 6.5 million Co-op members' personal data stolen in April cyberattack.
2. Four suspects arrested by the National Crime Agency on cybercrime charges.
3. Co-op prevented ransomware deployment and partnered with cybersecurity recruitment programs.

While no financial or transaction data was accessed, the attack has prompted widespread concern about cybersecurity vulnerabilities in the retail sector and led to the arrests of four suspects by the National Crime Agency (NCA).

Details of Co-op Cyberattack

The cyberattack on Co-op, alongside simultaneous breaches at Marks & Spencer (M&S) and Harrods, demonstrated the coordinated nature of modern cybercrime operations. 

The threat actors successfully infiltrated Co-op’s IT networks and accessed sensitive member data before being detected by the company’s security systems. 

CEO Khoury-Haq described the emotional toll on her IT staff, stating they were “trying to fight off these criminals” during the active breach.

The attack’s technical sophistication became evident when BBC News revealed that Co-op disconnected internet access from their IT networks just in time to prevent the deployment of ransomware, which could have caused catastrophic system-wide disruption. 

This rapid response likely prevented the complete encryption of Co-op’s back-end systems, though the company continues working to restore full operational capacity. 

The hackers’ methods fell under violations of the Computer Misuse Act, among other charges now facing the arrested suspects.

Following the breach, the NCA arrested four individuals from their home addresses on suspicion of blackmail, money laundering, Computer Misuse Act offenses, and participation in organized crime activities. 

The suspects, ranging from 17 to 20 years old and located across the West Midlands, London, and Staffordshire, have been bailed pending further investigation. 

Electronic devices were seized from all properties as part of the ongoing cybercrime investigation.

In response to the attack, Co-op has partnered with cybersecurity recruitment company The Hacking Games to identify young talent and channel their skills into legitimate careers. 

This initiative includes a pilot programme with Co-op Academies Trust, which operates 38 schools across England. 

The program aims to redirect potential cybercriminals toward legal pathways, with research suggesting that career development opportunities can successfully deter young individuals from criminal activities.

Boost detection, reduce alert fatigue, accelerate response; all with an interactive sandbox built for security teams -> Try ANY.RUN Now