In late March 2024, the Co-operative Group disclosed that a sophisticated cyber-attack on its network had resulted in the unauthorized exfiltration of customer data from one of its back-office systems. According to an FAQ posted on the retailer’s website, hackers were able to extract names, residential addresses, email addresses, phone numbers and dates of birth belonging to Co-op Group members. Although the attackers did not gain access to more sensitive information such as member passwords, payment card details or transaction histories, the incident nevertheless represents a significant breach of personal data. In response, the Co-op took multiple systems offline and engaged with the UK’s National Cyber Security Centre (NCSC) to contain the incident and begin the recovery process. The breach has prompted the NCSC to issue fresh guidance to the wider retail sector, emphasizing the need for robust multi-factor authentication, vigilant monitoring of privileged accounts, and rapid assimilation of threat intelligence. Senior government figures have described the attack as a "wake-up call" for all organizations to treat cybersecurity as a strategic priority. The Co-op continues to investigate the full scope of the compromise and is notifying affected members while reinforcing its defenses to prevent future intrusions.
Source: https://www.infosecurity-magazine.com/news/uks-ncsc-security-tips-coop-data/
"id": "the523050725",
"linkid": "the-co-op-group",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"