The CEO of the Co-op has revealed that all 6.5m of its members had personal data stolen in April’s high-profile cyber-attack, although no financial data was taken.
The attack – linked in the media to the Scattered Spider group – disrupted online orders, contactless payments and in-store stock levels.
“I’m devastated that information was taken. I’m also devastated by the impact that it took on our colleagues as well as they tried to contain all of this,” Shirine Khoury-Haq told BBC Breakfast.
“There was no financial data, no transaction data – but it was names and addresses and contact information that was lost.”
Apologising for the hack, she continued: “Early on I met with our IT staff and they were in the midst of it. I will never forget the looks on their faces, trying to fight off these criminals.
“We know a lot of that information is out there anyway, but people will be worried and all members should be concerned… it hurt my members, they took their data and it hurt our customers and that I do take personally.”
Last week four people were arrested in the UK as part of a National Crime Agency investigation into cyber attacks targeting M&S, Co-op and Harrods.
Two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands and London on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.
They have now been bailed.
The Co-op today announced a new strategic partnership with The Hacking Games, a UK-based social impact business, to help prevent cybercrime by identifying young talent and channelling their skills into positive, ethical careers.
There is a skills gap around cyber talent and urgent need to engage Gen Z and inspire them to pursue careers in cybersecurity.
The Hacking Games is tackling this challenge head on by connecting the cybersecurity industry with unconventional talent. With over 50% of tech employees self-identifying as neurodivergent in a UK-wide study, the programme focuses on prevention by creating access to opportunity, building resilience, and supporting better choices – especially for those most at risk of exploitation.
Autistic people, in particular, are seven times more likely to thrive in structured problem-solving environments like cybersecurity, yet 71% of autistic adults in the UK are unemployed.
The Co-op says it will conduct an independent research study led by Professor Lusthaus of University of Oxford, a leading expert on the social dimensions of cybercrime and hacking, with the findings informing future prevention strategies, including a planned pilot within Co-op Academies Trust, which supports 20,000 students across 38 schools.
The ambition is to co-develop a longer-term programme, with potential to expand to the wider UK education system, that supports earlier engagement, targeted student and parent training, and inspires future pathways into ethical cyber careers.
Chancellor names former RBS boss CEO of National Wealth Fund
Khoury-Haq said: “We can’t just stand back and hope it doesn’t happen again – to us or to others. Our members expect us to find a cooperative means of tackling the cause, not just the symptom. Our partnership with The Hacking Games lets us reach talented young people early, guide their skills toward protection rather than harm, and open real paths into ethical work.
“When we expand opportunity we reduce risk, while having a positive impact on society.”
Fergus Hay, co-founder and CEO of The Hacking Games, said: “There is an incredible amount of cyber talent out there – but many young people don’t see a path into the industry, or simply don’t realise their skills can be used for good.
“This partnership with Co-op will help unlock that potential. It’s about giving people the opportunity to do something positive, showing that their talents are valued and creating a generation of ethical hackers to make the world safer.”