Co-op CEO Shirine Khoury-Haq has revealed that all 6.5 million of the convenience retailer’s members had their data stolen in April’s punishing cyberattack.
Khoury-Haq told BBC Breakfast this morning she was “devastated” that members’ names, addresses and contact information “was lost”.
“Early on I met with our IT staff and they were in the midst of it. I will never forget the looks on their faces, trying to fight off these criminals,” she told the programme.
Khoury-Haq – who has been group CEO of Co-op since 2022 – said she would not be stepping down from the role over the incident, but was “incredibly sorry” for the impact it has had on members and staff.
The co-operative has announced a partnership with The Hacking Games, a UK-based social impact business, which helps prevent cybercrime by identifying young cyber talent and channelling their skills into “positive, ethical careers”.
“There is an urgent need to engage Gen Z and inspire them to pursue careers in cybersecurity, putting their cyber skills to ethical use as hackers for good, rather than being drawn down a more nefarious route that can cause real disruption to victims,” Co-op said.
Last week, four people were arrested as part of a National Crime Agency investigation into cyberattacks targeting Co-op as well as M&S and Harrods.
Three of them were teenagers: a 17-year-old British male from the West Midlands, a 19-year-old British male from London, and a 19-year-old Latvian male from the West Midlands.
All four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis. They remain in custody for questioning by officers from the NCA’s National Cyber Crime Unit in relation to the three attacks.
“We know first-hand what it feels like to be targeted by cybercrime. The disruption it causes, the pressure it puts on colleagues, and the impact it has on the people and communities we serve,” Khoury-Haq said in a statement.
“At Co-op, we can’t just stand back and hope it doesn’t happen again – to us or to others. Our members expect us to find a co-operative means of tackling the cause, not just the symptom.”
The Hacking Games partnership is about “giving people the opportunity to do something positive, showing that their talents are valued and creating a generation of ethical hackers to make the world safer”, she added.
M&S and Co-op were hit by cyberattacks within days of each other in late April, as was Harrods. M&S is still rebuilding its systems, and yesterday got its online stock checker for food back up and running, meaning that for the first time in weeks shoppers can browse the food catalogue on M&S’s website. Online sales of clothing lines began resuming in June, though M&S has said it will take until August to fully restore the service.
Co-op moved to a “recovery phase” in May, having suffered severe availability issues during the attack.
Greg Francis, a former SOCA and NCA cybercrime investigator and prevention officer, welcomed the partnership between Co-op and The Hacking Games.
“Unlike their offline counterparts, young people entering cybercrime receive little to no deterrents and are often left to self-police their online activities,” Francis said. “There’s a vital role for stakeholders – from parents and educators to search engines, gaming platforms and the cybersecurity industry – to embrace their digital responsibility and help young people make informed choices.”
No comments yet