Latest news with #ShirineKhoury-Haq
Tom's Guide
18-07-2025
- Business
- Tom's Guide
Co-op cyberattack exposes personal data of all 6.5 million members — what to do next
The cyberattack at the Co-op Group is now confirmed to have involved the personal data of all 6.5 million members. As reported by Cybernews, Shirine Khoury-Haq, CEO, gave an interview on the BBC this week expressing her regret over the events and confirming the details. The hackers, believed to be members of the Scattered Spider group, managed to copy the member list which included personal details such as full names, home addresses, email addresses, phone numbers and birth dates. Fortunately, as Co-op had previously invested in detection systems that alerted it to the unusual behavior within a few hours, the group was able to shut down parts of its system within hours of the breach keeping the attackers from deploying the DragonForce ransomware. This means that no financial data, purchase history or transaction data was taken and that the hackers were unable to fulfill their goal of using the ransomware attack to blackmail the group. It also means that the attackers were unable to erase what they did, and their code was sent back to authorities resulting in arrests being made. The attack on Co-op occurred in April, just days after the attack on M&S and is believed to be part of a broader campaign that also resulted in a cyberattack targeting Harrods. The Scattered Spider group uses deception tactics to trick IT helpdesk employees into giving its hackers access to a network; the attacks often result in empty grocery store shelves or other businesses reverting back to paper based systems in order to continue operations. The Information Commissioner's Office, the UK's data protection watchdog has said that anyone concerned about their personal data should visit its website for information and support. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Additionally, Co-op members should be on alert for any signs of phishing attacks since threat actors will be looking for vulnerable targets using this stolen data. So be on alert for signs of phishing scams and social engineering attacks so you can avoid falling victim to them. Hackers will often leverage all the information they have on a potential target in order to try and trick you into clicking on a malicious link or downloading a malicious app or other software that appears legitimate but actually contains viruses. Likewise, never click on unexpected links, QR codes or attachments or links from unknown senders. Verify through independent means if someone contacts you asking you to download or click on something. Likewise, don't share personal information with people you don't know online, and clear out any old emails that may contain personal details and information. If you don't already have one of the best antivirus software solutions installed on your devices, make sure you get one. They have multiple features that can help protect you when you go online from VPNs and website alerts to identity monitoring and phishing protection.
North Wales Chronicle
16-07-2025
- Business
- North Wales Chronicle
Data stolen from 6.5 million Co-op members in ‘devastating' cyber attack
The chief executive of the retail and funeral care group Shirine Khoury-Haq said she was 'devastated' by the impact of the attack on workers and members. In late April, the company shut off parts of its IT systems after the attack, in which hackers accessed and extracted members' personal data. Shoppers were faced with empty shelves and issues with payments shortly afterwards caused by the fallout of the incident. It was among a string of high-profile cyber attacks on retailers, with rival Marks & Spencer hit particularly heavily by a cyber incident around Easter, which it said would result in a roughly £300 million hit to its finances. On Tuesday, the Co-op boss confirmed to BBC Breakfast that 'names, addresses and contact information' for all of its members were accessed. Ms Khoury-Haq told the programme: 'We know that a lot of that information is out there anyway but people will be worried and all members should be concerned. 'As soon as we knew what had been taken, we informed our members. We also advised them on what they needed to do to protect their information as well. 'But I am devastated by that, I am devastated that the information was taken.' She said the hackers created a copy of one of the firm's files but were unable to attack its platforms further and install planned ransomware. 'We realised it was happening when the cyber criminals started moving around within our systems and that is when we took action to stop them,' the boss said. 'Unfortunately by the time we had done that, they had made a copy of one of our files, but we did block them from doing anything else. 'It meant shutting down our systems quite dramatically. 'The good news was that we managed to keep our front lines open – our stores and funeral homes stayed open but the impact on colleagues, the impact on our stores, our members, was significant.' Last week, the National Crime Agency said four young people were arrested for their suspected involvement in the cyber attacks against the Co-op, M&S and Harrods. The comments came as the Co-op announced a partnership with a social impact business in the wake of the attack. The link-up with The Hacking Games is aimed at preventing cybercrime by identifying young cyber talent and channelling their skills into positive, ethical careers. The Co-op said cyber threats were evolving at an 'alarming' rate, highlighting the need for skilled cybersecurity professionals. The retail giant said it wants to help prevent cyber crime before it starts by supporting young people to put their skills to good use. Ms Khoury-Haq added: 'We know first-hand what it feels like to be targeted by cybercrime. The disruption it causes, the pressure it puts on colleagues, and the impact it has on the people and communities we serve. 'Our partnership with The Hacking Games lets us reach talented young people early, guide their skills toward protection rather than harm, and open real paths into ethical work. When we expand opportunity we reduce risk, while having a positive impact on society.' Fergus Hay, co-founder of The Hacking Games, said: 'There is an incredible amount of cyber talent out there – but many young people don't see a path into the industry, or simply don't realise their skills can be used for good. 'This partnership with Co-op will help unlock that potential. It's about giving people the opportunity to do something positive, showing that their talents are valued and creating a generation of ethical hackers to make the world safer.'
Yahoo
16-07-2025
- Business
- Yahoo
Data stolen from 6.5 million Co-op members in ‘devastating' cyber attack
All 6.5 million members of the Co-op had their data stolen in the cyber attack against the UK retailer earlier this year, the retailer has revealed. The chief executive of the retail and funeral care group Shirine Khoury-Haq said she was 'devastated' by the impact of the attack on workers and members. In late April, the company shut off parts of its IT systems after the attack, in which hackers accessed and extracted members' personal data. Shoppers were faced with empty shelves and issues with payments shortly afterwards caused by the fallout of the incident. It was among a string of high-profile cyber attacks on retailers, with rival Marks & Spencer hit particularly heavily by a cyber incident around Easter, which it said would result in a roughly £300 million hit to its finances. On Tuesday, the Co-op boss confirmed to BBC Breakfast that 'names, addresses and contact information' for all of its members were accessed. Ms Khoury-Haq told the programme: 'We know that a lot of that information is out there anyway but people will be worried and all members should be concerned. 'As soon as we knew what had been taken, we informed our members. We also advised them on what they needed to do to protect their information as well. 'But I am devastated by that, I am devastated that the information was taken.' She said the hackers created a copy of one of the firm's files but were unable to attack its platforms further and install planned ransomware. 'We realised it was happening when the cyber criminals started moving around within our systems and that is when we took action to stop them,' the boss said. 'Unfortunately by the time we had done that, they had made a copy of one of our files, but we did block them from doing anything else. 'It meant shutting down our systems quite dramatically. 'The good news was that we managed to keep our front lines open – our stores and funeral homes stayed open but the impact on colleagues, the impact on our stores, our members, was significant.' Last week, the National Crime Agency said four young people were arrested for their suspected involvement in the cyber attacks against the Co-op, M&S and Harrods. The comments came as the Co-op announced a partnership with a social impact business in the wake of the attack. The link-up with The Hacking Games is aimed at preventing cybercrime by identifying young cyber talent and channelling their skills into positive, ethical careers. The Co-op said cyber threats were evolving at an 'alarming' rate, highlighting the need for skilled cybersecurity professionals. The retail giant said it wants to help prevent cyber crime before it starts by supporting young people to put their skills to good use. Ms Khoury-Haq added: 'We know first-hand what it feels like to be targeted by cybercrime. The disruption it causes, the pressure it puts on colleagues, and the impact it has on the people and communities we serve. 'Our partnership with The Hacking Games lets us reach talented young people early, guide their skills toward protection rather than harm, and open real paths into ethical work. When we expand opportunity we reduce risk, while having a positive impact on society.' Fergus Hay, co-founder of The Hacking Games, said: 'There is an incredible amount of cyber talent out there – but many young people don't see a path into the industry, or simply don't realise their skills can be used for good. 'This partnership with Co-op will help unlock that potential. It's about giving people the opportunity to do something positive, showing that their talents are valued and creating a generation of ethical hackers to make the world safer.'
The Guardian
16-07-2025
- Business
- The Guardian
Co-op boss admits all 6.5m members had data stolen in cyber-attack
The chief executive of the Co-op has apologised to its customers after admitting that all 6.5 million of the mutual's members had their data stolen in a recent cyber-attack. Shirine Khoury-Haq told the BBC she was 'incredibly sorry' for the attack in which names and addresses and contact information was obtained by hackers. She said no financial information, such as credit or debit card details, or transaction data was stolen in the hack, which occurred in April. 'We know a lot of that information is out there anyway, but people will be worried and all members should be concerned,' she said. Previously, the company had only said that a 'significant number' of its customers' data had been accessed by the hackers, but did not give a precise figure. 'It hurt my members, they took their data and it hurt our customers and that I do take personally,' Khoury-Haq said. The group, which owns more than 2,000 grocery stores, more than 800 funeral parlours and also offers legal and financial services, was forced to shut down parts of its IT systems in late April after discovering an attempted hack, days after Marks & Spencer also faced a serious cyber-incident. The cyber-attack on the Co-op led to gaps on shelves in its grocery stores while its funeral parlours forced to return to operating some services via paper-based systems without access to digital services. Co-op executives told MPs recently that many of its systems were protected from attack because it had defences in place which detected unusual behaviour within a few hours. However, the company admitted it was not expecting to make 'any significant recovery' of the costs of the hack from insurers as it chose to invest in detection systems rather than cyber-insurance policies. Last week, four people including three teenagers were arrested at addresses in the West Midlands, Staffordshire and London as part of an investigation into the cyber-attacks on the Co-op, M&S and Harrods, which all occurred within days of one another. Sign up to Business Today Get set for the working day – we'll point you to all the business news and analysis you need every morning after newsletter promotion The National Crime Agency, which is investigating the hacks alongside the police, is looking at the involvement of Scattered Spider, a loose collective of native English-speaking hackers. The Information Commissioner's Office, the UK's data protection watchdog, has said those concerned about their personal information should visit its website for advice and support. Retailers and their suppliers have faced a series of cyber-attacks in recent years including Morrisons, which was affected by an incident at its tech supplier Blue Yonder in the run-up to Christmas last year. In 2023, WH Smith was hit by an attack in which company data was accessed illegally, including the personal details of current and former employees.
Telegraph
16-07-2025
- Business
- Telegraph
Co-op boss admits details of all 6.5m members stolen in hack
The boss of the Co-op has admitted that the personal data of all 6.5m of its members was stolen during a cyber attack earlier this year. Shirine Khoury-Haq said the names, addresses and contact information of its members had been stolen by hackers, making it one of the biggest data breaches ever reported by a UK retailer. Speaking on BBC Breakfast, she said: 'It hurt my members … and that I take personally.' She said no financial or transaction data was stolen, adding that she was 'incredibly sorry' for the attack. The admission of the scale of the hack came as the retailer vowed to stop teenagers becoming cyber criminals. The Co-op said on Wednesday that it would seek to identify young people at risk of becoming cyber criminals and put them on an 'ethical' path following its devastating cyber attack. It warned of an 'urgent need to engage Gen Z and inspire them to pursue careers in cyber security' amid fears over the teenage hacking gangs assaulting British companies. The Co-op came under attack from cyber criminals in May, leaving the retailer struggling to keep its shelves stocked. Harrods and Marks & Spencer have faced similar attacks. M&S was forced to shutdown its online orders for weeks and its boss warned of a £300m hit to its profits as a result of the attack. Three male teenagers and a 20-year-old woman were last week arrested in connection with the string of attacks on suspicion of conspiracy to commit unauthorised access to computer materials, with intent to commit further offences, blackmail, money laundering and participating in activities of an organised crime group. Ms Khoury-Haq said: 'We know first-hand what it feels like to be targeted by cyber crime. The disruption it causes, the pressure it puts on colleagues, and the impact it has on the people and communities we serve. 'At Co-op, we can't just stand back and hope it doesn't happen again – to us or to others.' The Co-op said it wanted to encourage teenagers to put their cyber skills 'to ethical use as hackers for good, rather than being drawn down a more nefarious route that can cause real disruption to victims'. It has partnered with The Hacking Games, a recruiter that specialises in finding cyber security jobs for people with 'unconventional talent', such as young people with autism. The tie-up will see a pilot scheme launched in Co-op Academies Trust schools, a group of schools across the north of England.
