UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores.
Co-op (short for the Co-operative Group) is one of the United Kingdom's largest consumer co-operatives, operating food stores, funeral services, insurance, and legal services. It is owned by millions of members who receive discounts on services and share in the company's governance.
Co-op's CEO, Shirine Khoury-Haq, apologized today on the BBC Breakfast show, confirming that the attackers successfully stole the data for all of its 6.5 million members.
"Their data was copied, and the criminals did have access to it like they do when they hack other organizations. That is the awful part of this unfortunately," said Khoury-Haq.
While no financial or transaction information was exposed in the attack, the contact information for its members was stolen.
The CEO said the breach felt like a personal attack, not on her, but rather on the Co-op's members and employees who were impacted.
"And it it's not about me. It was my colleagues. It was personal to me because it hurt them. It hurt my members. They took their data and it hurt our customers and that I do take personally," she explained in the interview.
The cyberattack occurred in April, forcing Co-op to shut down several IT systems to prevent the threat actors from further spreading to devices and ultimately deploying the DragonForce ransomware encryptor.
Initially downplayed as an attempted intrusion into its network, the company later confirmed that a "significant" amount of data was accessed and stolen during the attack.
Sources told BleepingComputer at the time that the breach initially occurred on April 22, after the threat actors conducted a social engineering attack that allowed them to reset an employee's password.
... continue reading