The Co-operative Group recently disclosed that a cyber incident, initially thought to be contained, involved unauthorized access to member records. Hackers exfiltrated personal details—names, email addresses, phone numbers and postal addresses—of both current and former members. No financial, password or sensitive authentication data was compromised, but the theft of contact information raises concerns over potential phishing campaigns and identity fraud. The Co-op is now notifying affected individuals, offering guidance on monitoring communications and implementing enhanced security measures. The incident underscores the persistent threat of data breaches in retail environments, highlighting the importance of robust access controls, timely detection mechanisms and comprehensive incident response plans. Although the stolen data may seem low risk compared to financial credentials, the volume of information taken could still facilitate social engineering attacks and undermine member trust. Regulators are also assessing the adequacy of the Co-op’s security safeguards, with potential implications for compliance and reputational impact. Moving forward, the group is accelerating security audits, strengthening encryption protocols and reviewing third-party access to reduce the likelihood of future breaches.
Source: https://www.scworld.com/brief/toll-of-kelly-benefits-breach-exceeds-400k
"id": "coo849050725",
"linkid": "coop-group",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"