Shirine Khoury-Haq Speaks Out After Co-op Cyber Attack Hits All 6.5 Million Members
Shirine Khoury-Haq, Chief Executive of Co-op, has broken her silence following a large-scale cyber attack that saw the personal data of all 6.5 million Co-op members stolen. The breach, which took place in April, has now been confirmed to have exposed names, addresses, and contact information.
“I’m devastated that information was taken. I’m also devastated by the impact that it took on our colleagues as well as they tried to contain all of this,” Khoury-Haq revealed during a candid interview on BBC Breakfast — her first public appearance since the breach.
The data compromise did not include financial or transactional information, but the emotional toll on both customers and staff was immense.
“There was no financial data, no transaction data but it was names and addresses and contact information that was lost,” she clarified.
Khoury-Haq, who has been leading the mutual retailer since 2022, described the attack as deeply personal.
“It hurt my members, they took their data and it hurt our customers and that I do take personally,” she admitted.
She also recalled the moment she met with the company’s IT team as they fought to fend off the intrusion. “Early on I met with our IT staff and they were in the midst of it. I will never forget the looks on their faces, trying to fight off these criminals,” she said.
The hackers, though removed from Co-op’s systems in time, had already accessed a trove of personal data.
“We know a lot of that information is out there anyway, but people will be worried and all members should be concerned,” she warned.
Despite the setback, Co-op moved quickly. The systems were disconnected from the internet just in time to block a full-blown ransomware attack. Since then, the retailer has been working tirelessly to restore its internal infrastructure.
The company has yet to disclose the full financial impact of the breach. But rebuilding efforts are well underway.
In a notable response, Co-op is teaming up with The Hacking Games, a cybersecurity initiative that identifies young tech talent and helps steer them toward ethical careers.
“The research shows that if you offer these kids talent development opportunities and career opportunities, the vast majority of them will take the legitimate pathway,” said Fergus Hay, CEO of The Hacking Games.
A pilot programme is set to launch with Co-op Academies Trust, which manages 38 schools across England. The initiative is aimed at turning potential hackers into cyber-defenders before they get drawn into the dark web.
Co-op wasn’t alone. High-street giants Marks & Spencer (M&S) and Harrods were also targeted in what authorities are calling a coordinated spring cyber offensive.
Initially, Co-op played down the breach, suggesting only minor disruption. That quickly changed once the attackers made contact with journalists. Days later, the true scale of the incident came to light, with data from past and present members confirmed to be in the hands of cybercriminals.
M&S, too, faced serious system outages, reportedly costing millions in recovery efforts.
Last week, the National Crime Agency announced four arrests linked to the attacks, including a 20-year-old woman in Staffordshire and three teenage males in London and the West Midlands. The suspects are being held under various charges, including computer misuse, blackmail, and money laundering.
This breach marks one of the most significant data security incidents in the UK retail sector this year.
As Shirine Khoury-Haq said, it’s not just about systems. It’s about people. Customers. Staff. Communities. Trust.
And while Co-op continues its recovery, the message from the top is loud and clear — cybercrime is personal.
