In late March 2024, the Co-operative Group disclosed that a sophisticated cyber-attack on its network had resulted in the unauthorized exfiltration of customer data from one of its back-office systems. According to an FAQ posted on the retailer’s website, hackers were able to extract names, residential addresses, email addresses, phone numbers and dates of birth belonging to Co-op Group members. Although the attackers did not gain access to more sensitive information such as member passwords, payment card details or transaction histories, the incident nevertheless represents a significant breach of personal data. In response, the Co-op took multiple systems offline and engaged with the UK’s National Cyber Security Centre (NCSC) to contain the incident and begin the recovery process. The breach has prompted the NCSC to issue fresh guidance to the wider retail sector, emphasizing the need for robust multi-factor authentication, vigilant monitoring of privileged accounts, and rapid assimilation of threat intelligence. Senior government figures have described the attack as a "wake-up call" for all organizations to treat cybersecurity as a strategic priority. The Co-op continues to investigate the full scope of the compromise and is notifying affected members while reinforcing its defenses to prevent future intrusions.
Source: https://www.infosecurity-magazine.com/news/uks-ncsc-security-tips-coop-data/
TPRM report: https://scoringcyber.rankiteo.com/company/the-co-op-group
"id": "the523050725",
"linkid": "the-co-op-group",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Retail',
'name': 'Co-operative Group',
'type': 'Retailer'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'type_of_data_compromised': ['names',
'residential addresses',
'email addresses',
'phone numbers',
'dates of birth']},
'date_publicly_disclosed': 'March 2024',
'description': "A sophisticated cyber-attack on the Co-operative Group's "
'network resulted in the unauthorized exfiltration of customer '
'data from one of its back-office systems. Hackers extracted '
'names, residential addresses, email addresses, phone numbers, '
'and dates of birth of Co-op Group members. No access to '
'member passwords, payment card details, or transaction '
'histories was gained.',
'impact': {'data_compromised': ['names',
'residential addresses',
'email addresses',
'phone numbers',
'dates of birth']},
'investigation_status': 'Ongoing',
'recommendations': ['Robust multi-factor authentication',
'Vigilant monitoring of privileged accounts',
'Rapid assimilation of threat intelligence'],
'response': {'communication_strategy': ['Notifying affected members'],
'containment_measures': ['Taking multiple systems offline',
'Engaging with the UK’s National Cyber '
'Security Centre (NCSC)']},
'title': 'Co-operative Group Data Breach',
'type': 'Data Breach'}