Co-op data breach affects all 6.5M customers: What was stolen?
What's the story
UK retail giant Co-op has confirmed that a recent cyberattack resulted in the theft of personal data of all its customers. The company's CEO Shirine Khoury-Haq revealed to BBC that hackers stole the member list of 6.5 million people during an April attack. The compromised data includes names, addresses, and contact information but does not include financial details like credit or debit card information or transaction history.
Network impact
Attack part of wider campaign against UK retail sector
The cyberattack on Co-op led to a major disruption in its UK back offices and grocery stores, after the company was forced to shut down its network. The incident was part of a wider hacking campaign against the UK retail sector, which also targeted Marks & Spencer and Harrods. These attacks were carried out by Scattered Spider, a group of mostly young hackers who use deception tactics to gain access to corporate networks.
Legal action
4 people arrested in connection with the attacks
Earlier this month, UK authorities arrested four people in connection with the retail cyberattacks. The group includes a 20-year-old woman, two men aged 19, and a youth aged 17. They are charged with hacking, blackmailing, and being part of an organized crime group. Since these attacks, the hackers have reportedly shifted their focus to the airline and transportation industry as well as insurance companies—industries that hold large amounts of consumer data.
Recovery challenges
Co-op did not have cybersecurity insurance
The full financial impact of the data breach on Co-op remains unknown. According to reports, the firm did not have cybersecurity insurance at the time of the hack, which could lead to significant financial losses.