Co-op confirms that hackers accessed a significant amount of customer data
Co-op has confirmed that a cyber attack targeting its IT systems has resulted in the theft of private data belonging to a “significant” number of past and present customers.
The stolen information includes names and contact details but not passwords, bank or credit card details.
Co-op has been dealing with the impact of an ongoing attack which began last weekend. Earlier this week, it sent an email to 70,000 staff instructing them to keep their cameras on during remote meetings and to verify all participants to prevent unauthorised access.
The company also asked employees to remain vigilant and restricted remote access to parts of its back-office systems.
In a statement issued this evening (2 May), a Co-op spokesperson said: “We are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA.
“We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners.
“As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems.
“The accessed data included information relating to a significant number of our current and past members.
“This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.
“We appreciate that our members have placed their trust in our Co-op when providing information to us. Protecting the security of our members’ and customers’ data is a priority, and we are very sorry that this situation has arisen.”
