All 6.5 million members of the Co-op had their data stolen in the cyber attack against the UK retailer earlier this year, the retailer has revealed.
The chief executive of the retail and funeral care group Shirine Khoury-Haq said she was “devastated” by the impact of the attack on workers and members.
In late April, the company shut off parts of its IT systems after the attack, in which hackers accessed and extracted members’ personal data.
Shoppers were faced with empty shelves and issues with payments shortly afterwards caused by the fallout of the incident.
It was among a string of high-profile cyber attacks on retailers, with rival Marks & Spencer hit particularly heavily by a cyber incident around Easter, which it said would result in a roughly £300 million hit to its finances.
On Tuesday, the Co-op boss confirmed to BBC Breakfast that “names, addresses and contact information” for all of its members were accessed.
Ms Khoury-Haq told the programme: “We know that a lot of that information is out there anyway but people will be worried and all members should be concerned.
“As soon as we knew what had been taken, we informed our members. We also advised them on what they needed to do to protect their information as well.
“But I am devastated by that, I am devastated that the information was taken.”
She said the hackers created a copy of one of the firm’s files but were unable to attack its platforms further and install planned ransomware.
“We realised it was happening when the cyber criminals started moving around within our systems and that is when we took action to stop them,” the boss said.
“Unfortunately by the time we had done that, they had made a copy of one of our files, but we did block them from doing anything else.
“It meant shutting down our systems quite dramatically.
“The good news was that we managed to keep our front lines open – our stores and funeral homes stayed open but the impact on colleagues, the impact on our stores, our members, was significant.”
Last week, the National Crime Agency said four young people were arrested for their suspected involvement in the cyber attacks against the Co-op, M&S and Harrods.
The comments came as the Co-op announced a partnership with a social impact business in the wake of the attack.
The link-up with The Hacking Games is aimed at preventing cybercrime by identifying young cyber talent and channelling their skills into positive, ethical careers.
The Co-op said cyber threats were evolving at an “alarming” rate, highlighting the need for skilled cybersecurity professionals.
The retail giant said it wants to help prevent cyber crime before it starts by supporting young people to put their skills to good use.
Ms Khoury-Haq added: “We know first-hand what it feels like to be targeted by cybercrime. The disruption it causes, the pressure it puts on colleagues, and the impact it has on the people and communities we serve.
“Our partnership with The Hacking Games lets us reach talented young people early, guide their skills toward protection rather than harm, and open real paths into ethical work. When we expand opportunity we reduce risk, while having a positive impact on society.”
Fergus Hay, co-founder of The Hacking Games, said: “There is an incredible amount of cyber talent out there – but many young people don’t see a path into the industry, or simply don’t realise their skills can be used for good.
“This partnership with Co-op will help unlock that potential. It’s about giving people the opportunity to do something positive, showing that their talents are valued and creating a generation of ethical hackers to make the world safer.”
