- The personal information for all 6.5 million co-op members were stolen
- The news was confirmed by Co-Op CEO Shirine Khoury-Haq
- Cyberattack also affected Harrods and M&S
The personal information for all 6.5 million British CO-OP members were confirmed to have been stolen in Cyberattack targeting the supermarket, its CEO has confirmed.
The theft was confirmed by Co-Op CEO Shirine Khoury-Haq on BBC breakfastIt said, “It hurt my members, they took their data, and it hurt our customers and that I take personally.”
“I am destroyed by the fact that information was taken. I am also destroyed by the influence it took on our colleagues as well as they tried to contain all this,” she added.
Co-op Customer information stolen
“There was no financial data, no transaction data, but it was the names and addresses and contact information that was lost,” Khoury-Haq continued, adding that she was “incredibly upset” about the attack.
Co-Op, Harrods and M&S were hit by a significant cyberattack in the spring of 2025, with online ordering and sites taken down, and significant disturbances on stocks and purchases for weeks after.
Members of Co-Op pay a fee to participate and then pay part of the profits that the company earns each year.
Khoury-Haq added during the attack, she met with IT staff trying to alleviate injuries and remove the attacks from co-up systems. “I will never forget the appearance of their faces and try to fight these criminals,” she added.
Vonny Gamot, head of EMEA at McAfee provided Techradar Pro with some guidance on how to best protect themselves:
- “Suppose you are affected – even if you have not yet received a review from CO -OP, you must assume that your information may have been compromised.”
- “Immediately change your passwords start with your CO-OP account, and then move to any accounts that share the same password. Use strong, unique passwords for each account. This is non-marketable. In 2025, the password recycling is one of the fastest ways to transform a single violation into multiple compromised accounts.”
- “Enable two-factor approval everywhere-if you haven’t already done so, you need to enable two-factor approval (2FA) on all accounts that support it, starting with email, banking and shopping accounts. This adds a crucial second layer of security.”
- “Monitor your financial accounts – Check bank statements, credit card bills and investment accounts for any unusual activity. Create account alarms, if you haven’t already done so, offer many financial institutions real -time transaction notifications.”
- “Consider online protective tools that can keep your information secure with early alarms that show you if your data is found on the dark web. McAfee’s scam detector can also warn you of suspicious text messages and e emails you receive, which is particularly valuable in the wake of a violation when criminals often launch targeted phishing.
