Skip to content
Search
AI Powered
Latest Stories

Co-op admits hackers extracted ‘significant’ amount of customer data

Co-op UK cyber attack impacting customer data in the retail industry
Photo: iStock

Co-op on Friday (2) admitted that the hackers were able to access and extract data relating to a “significant number” of its customers from one of its systems after it was hit by a cyber attack.

The Co-op was forced to shut down parts of its IT system on Wednesday (30) after discovering an attempted hack days after Marks & Spencer faced a serious cyber-incident.


The group, which owns more than 2,000 grocery stores apart from more than 800 funeral parlours, said hackers had been able to access personal data including names and contact details relating to an undisclosed number of the mutual’s current and past members – of which there are more than 6.2 million.

It said the hackers had not been able to access passwords or financial information such as bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.

The group stated in a statement, "As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems.

“The accessed data included information relating to a significant number of our current and past members.

“This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group."

The National Cyber Security Centre and the National Crime Agency are assisting with the investigation, the company said.

Co-op Group added,, “We are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA.

“We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners."

The leak of data from the Co-op emerged after the data protection regulator said it was “making inquiries” with the Co-op and Marks & Spencer. It is understood that M&S customer data has not been accessed.