Shirine Khoury-Haq, the Chief Executive of Co-op, has confirmed that all 6.5 million of its members had their data stolen in the cyber attack on the convenience retailer that took place in April.
Speaking to BBC Breakfast in her first public interview since the hack, she said: “I’m devastated that information was taken … There was no financial data, no transaction data, but it was names and addresses and contact information that was lost.”
Khoury-Haq said that she was “incredibly sorry” for the attack and that it was “personal” to her because of the impact that it had on her colleagues.
“Early on, I met with our IT staff, and they were in the midst of it. I will never forget the looks on their faces, trying to fight off these criminals,” she said.
Once the hackers had been removed from the systems, “they could not erase what they did, so we could monitor every mouse click,” and Co-op was able to send that information to the authorities.
But she added: “We know a lot of that information is out there anyway, but people will be worried and all members should be concerned … It hurt my members, they took their data and it hurt our customers and that I do take personally.”
The interview with the BBC came as Co-op announced a new partnership with The Hacking Games, a UK-based social impact business, to help prevent cybercrime by “identifying young cyber talent and channelling their skills into positive, ethical careers”.
The initiative will combine Co-op’s reach across the UK, 38 Co-op Academy schools and their 6.5 million member base with The Hacking Games’ expertise in cybercrime.
The retailer noted that the cyber threat landscape is evolving at an alarming rate, and the need for skilled cybersecurity professionals has never been greater. Already valued at £13.2bn, the government has identified cybersecurity as a key frontier industry with potential for growth. However, tens of thousands of cybersecurity jobs in the UK remain vacant.
Co-op noted that there is an urgent need to engage Gen Z and inspire them to pursue careers in cybersecurity, putting their cyber skills to ethical use as hackers for good, rather than being drawn down a more nefarious route that can cause real disruption to victims.
The Hacking Games is tackling this challenge by connecting the cybersecurity industry with unconventional talent. Co-op stated that it wants to help prevent cybercrime before it starts by supporting young people to put their skills to good use.
The partnership begins with an independent research study led by Professor Lusthaus of University of Oxford, a leading expert on the social dimensions of cybercrime and hacking. The findings will inform future prevention strategies, including a planned pilot within Co-op Academies Trust, which supports 20,000 students across 38 schools.
The ambition is to co-develop a longer-term programme, with potential to expand to the wider UK education system, that supports earlier engagement, targeted student and parent training, and inspires future pathways into ethical cyber careers.
“We know first-hand what it feels like to be targeted by cybercrime. The disruption it causes, the pressure it puts on colleagues, and the impact it has on the people and communities we serve, said Khoury-Haq.
“At Co-op, we can’t just stand back and hope it doesn’t happen again – to us or to others. Our members expect us to find a cooperative means of tackling the cause, not just the symptom. Our partnership with The Hacking Games lets us reach talented young people early, guide their skills toward protection rather than harm, and open real paths into ethical work. When we expand opportunity, we reduce risk, while having a positive impact on society.”
Fergus Hay, Co-founder and CEO of The Hacking Games, added: “There is an incredible amount of cyber talent out there – but many young people don’t see a path into the industry, or simply don’t realise their skills can be used for good. This partnership with Co-op will help unlock that potential. It’s about giving people the opportunity to do something positive, showing that their talents are valued and creating a generation of ethical hackers to make the world safer.”
NAM Implications:
- Whilst taking steps to divert cyber-talent from a life of crime is a positive approach…
- …public focus will be on effective prevention of further attacks.
- Anticipate a time-lapse before trust is restored.
- Dilemma for Co-op (and other retailers) is the extent to which preventive action should be publicised.
- (and possibly represent a challenge for other hackers)
- Or whether silence is a better option…
- …while barriers are being reinforced as fast as possible.
