6,500,000 people had their details stolen after Co-op cyber attack

The retailer was one of several victims of a wave of hacks in April (Picture: Shutterstock / WD Stock Photos)

Co-op has admitted that all 6.5million people on its membership scheme had their details stolen in a cyber attack.

The supermarket chain was breached in April,causing limited damage to its back office and call centre services. 

Co-op initially said it took ‘steps to keep systems safe’ and that there was ‘no evidence that customer data was compromised’.

Yet CEO Shirine Khoury-Haq told the BBC this morning that the incident was far worse than thought and impacted all Co-op members.

She told BBC Breakfast: ‘There was no financial data,no transaction data,but it was names and addresses and contact information that was lost.’

Sign up for all of the latest stories

Start your day informed with Metro's News Updates newsletter or get Breaking News alerts the moment it happens.Co-op offers a membership scheme where people can pay to own a share of the business as a co-operative.Khoury-Haq said she was ‘devastated’ by the attack and was ‘incredibly sorry’ for it.She added: ‘Early on,I met with our IT staff and they were in the midst of it.‘I will never forget the looks on their faces,trying to fight off these criminals.’Co-op was one of several major retailers,including Marks & Spencer and Harrods,targeted by hackers over April and May.Both M&S and Co-op store shelves were left barren for weeks following the attacks.Experts previously told Metro that the hackers used malicious software designed by the group DragonForce to rip open Co-op’s servers and try to infect them with ransomware.Empty shelves in the branch of the Co-op in Manchester weeks after the attack (Picture: Danny Lawson/PA Wire)Co-op yanked the plug on its computer network to stop the thieves from compromising it any further,allowing the company to quickly recover.M&S,however,said the ‘highly sophisticated’ attack severely compromised its servers,with thieves possibly gaining access to customer information such as contact details and birthdates.Food deliveries,click and collect services and online orders were upended for weeks,costing the company £300,000,000.The retailer said sly hackers gained access through a social engineering trick – hackers manipulating people to give up confidential information.Julius Cerniauskas,CEO of web intelligence experts Oxylabs, told Metro that ‘no one’ can ignore the threat of cyver attacks.She said: ‘A breach of this scale is jaw-dropping – 6.5million people affected isn’t just a warning sign,it’s a flashing red alert.‘It shows how vulnerable even trusted,everyday institutions like Co-op are to highly organised cybercriminals.’John Paul Allcock,the managing director at the risk management firm NFP,told Metro that Khoury-Haq’s remarks show how ‘far-reaching’ cyber incidents can be.‘Businesses affected by these attacks often face disruption to normal working conditions at the least,with uncertainty of when systems can return to normal,through to the change of significant financial and reputational loss impacting the confidence of customers,suppliers,investors,and other key stakeholders,’ he added.Four people,including three teenagers,have been arrested in connection with the cyber attacks.They were apprehended on suspicion of Computer Misuse Act offences,blackmail,money laundering and participating in a crime group.