Data of all 6.5 million Co-op members stolen - CEO says she is 'incredibly sorry'

• The personal information of all 6.5 million Co-op members was stolen
• The news was confirmed by Co-op CEO Shirine Khoury-Haq
• The cyberattack also affected Harrods and M&S

The personal information of all 6.5 million UK Co-op members was confirmed to have been stolen in the cyberattack that targeted the supermarket, its CEO has confirmed.

The theft was confirmed by Co-op CEO Shirine Khoury-Haq on BBC Breakfast, who said, “It hurt my members, they took their data and it hurt our customers and that I do take personally.”

“I'm devastated that information was taken. I'm also devastated by the impact that it took on our colleagues as well as they tried to contain all of this,” she added.

Up to 58% Off

Norton 360 with Genie

Today’s cyberthreats are more sophisticated and scams are harder to detect. That’s why we made our all-in-one security more powerful to keep you safer online. Norton 360 now with Genie AI-powered scam detection. Advanced tech for advanced threats starting at $29.99 the first year.

Preferred partner (What does this mean?)

View Deal

Co-op customer details stolen

“There was no financial data, no transaction data but it was names and addresses and contact information that was lost,” Khoury-Haq continued, adding she was “incredibly sorry” about the attack.

The Co-op, Harrods, and M&S were hit by a significant cyberattack in Spring 2025, with online ordering and websites taken down, and significant disruptions to stocks and purchasing for weeks afterwards.

Members of the Co-op pay a fee to join, and are then paid a share of the profits that the business makes each year.

Khoury-Haq added during the attack she met with IT staff attempting to remediate damage and remove the attacks from Co-op systems. “I will never forget the looks on their faces, trying to fight off these criminals,” she added.

Vonny Gamot, Head of EMEA at McAfee provided TechRadar Pro with some guidance on how those affected can best protect themselves:

1. "Assume You're Affected - even if you haven't received notification from Co-op yet, assume your information may have been compromised."
2. "Change Your Passwords Immediately - start with your Co-op account, then move to any accounts that share the same password. Use strong, unique passwords for each account. This is non-negotiable. In 2025, password reuse is one of the fastest ways to turn a single breach into multiple compromised accounts."
3. "Enable Two-Factor Authentication Everywhere - if you haven't already, enable two-factor authentication (2FA) on all accounts that support it, starting with email, banking, and shopping accounts. This adds a crucial second layer of security."
4. "Monitor Your Financial Accounts - check bank statements, credit card bills, and investment accounts for any unusual activity. Set up account alerts if you haven't already, many financial institutions offer real-time transaction notifications."
5. "Consider online protection tools that can keep your info safe with early alerts that show you if your data is found on the dark web. McAfee's Scam Detector can also alert you to suspicious text messages and emails that you receive, which is particularly valuable in the aftermath of a breach when criminals often launch targeted phishing campaigns using stolen contact information."

You might also like

• These are the best password managers around today
• Take a look at the best UK credit monitoring tools on offer
• Meta patches worrying security bug which could have exposed user AI prompts and responses