
Co-op has admitted that all 6.5 million people on its membership scheme had their details stolen in a cyber attack.
The supermarket chain was breached in April, causing limited damage to its back office and call centre services.
Co-op initially said it took ‘steps to keep systems safe’ and that there was ‘no evidence that customer data was compromised’.
Yet CEO Shirine Khoury-Haq told the BBC this morning that the incident was far worse than thought and impacted all Co-op members.
She told BBC Breakfast: ‘There was no financial data, no transaction data, but it was names and addresses and contact information that was lost.’
Co-op offers a membership scheme where people can pay to own a share of the business as a co-operative.
Khoury-Haq said she was ‘devastated’ by the attack and was ‘incredibly sorry’ for it.
She added: ‘Early on, I met with our IT staff and they were in the midst of it.
‘I will never forget the looks on their faces, trying to fight off these criminals.’
Co-op was one of several major retailers, including Marks & Spencer and Harrods, targeted by hackers over April and May.
Both M&S and Co-op store shelves were left barren for weeks following the attacks.
Experts previously told Metro that the hackers used malicious software designed by the group DragonForce to rip open Co-op’s servers and try to infect them with ransomware.

Co-op yanked the plug on its computer network to stop the thieves from compromising it any further, allowing the company to quickly recover.
M&S, however, said the ‘highly sophisticated’ attack severely compromised its servers, with thieves possibly gaining access to customer information such as contact details and birthdates.
Food deliveries, click and collect services and online orders were upended for weeks, costing the company £300,000,000.
The retailer said sly hackers gained access through a social engineering trick – hackers manipulating people to give up confidential information.
John Paul Allcock, the managing director at the risk management firm NFP, told Metro that Khoury-Haq’s remarks show how ‘far-reaching’ cyber incidents can be.
‘Businesses affected by these attacks often face disruption to normal working conditions at the least, with uncertainty of when systems can return to normal, through to the change of significant financial and reputational loss impacting the confidence of customers, suppliers, investors, and other key stakeholders,’ he added.
Four people, including three teenagers, have been arrested in connection with the cyber attacks.
They were apprehended on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in a crime group.