Co-op apologises after hackers access members’ personal data

The Co-op has apologised after hackers accessed and extracted members’ personal data such as names and contact details.

The retail firm said on Friday it is experiencing “sustained malicious attempts” to access its systems, having already shut off parts of its IT systems earlier this week.

It comes after fellow retailers Harrods and Marks & Spencer were also hit with cyber attacks, with the latter continuing to deal with the fallout of a ransomware attack which has left the business unable to process online orders since last Friday.

The National Crime Agency (NCA) said it is investigating the attacks individually but are “mindful they may be linked”.

A Co-op spokesperson said: “As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems.

“The accessed data included information relating to a significant number of our current and past members.

“This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.

“We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners.

“We appreciate that our members have placed their trust in our Co-op when providing information to us. Protecting the security of our members’ and customers’ data is a priority, and we are very sorry that this situation has arisen.”

The business said its back office and call centre services have been affected but Co-op’s more than 2,000 grocery stores and 800 funeral parlours across the UK are trading as usual.

A National Crime Agency spokesperson said: “We are aware of the recent cyber incidents affecting the retail sector and are working closely with our law enforcement partners to investigate.

“We are considering the incidents individually, however, we are mindful they may be linked and therefore this will remain under review.”

The National Cyber Security Centre said the attacks should be a “wake-up call” for businesses.

CEO Dr Richard Horne said: “The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.

“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

Published: 03/05/2025 by Radio NewsHub