During an appearance on the BBC, Co-op chief executive Shirine Khoury-Haq confirmed that member data such as names, addresses and contact information was accessed by hackers during the attack.
“I’m devastated that information was taken,” Khoury-Haq said.
“I’m also devastated by the impact that it took on our colleagues as well as they tried to contain all of this.”
While personal information was stolen, the hackers did not access financial information such as card numbers.
“There was no financial data, no transaction data but it was names and addresses and contact information that was lost,” she added.
The cyberattack on Co-op took place at the end of April, around the same time that Marks & Spencer and Harrods were also targeted.
On 10 July, the National Crime Agency announced that two males aged 19, another aged 17, and a 20-year-old female had been arrested in relation to the attacks on the three retailers.
The four young people were apprehended at their home addresses in the West Midlands and London respectively on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.
Describing the impact the attack has had on Co-op employees, Khoury-Haq recalled: “Early on I met with our IT staff and they were in the midst of it. I will never forget the looks on their faces, trying to fight off these criminals.”
She added: “We know a lot of that information is out there anyway, but people will be worried and all members should be concerned.”
In a statement shared in early June, Khoury-Haq said that the retailer was almost completely recovered from the attack.
Co-op members are able to vote on motions at the firm’s AGM, with nearly 73% of members recently backing a motion that called on the firm to cease trading with Israel in response to its ongoing assault on Gaza that has killed at least 58,500 people over that past 20 months.
The group has since announced that it would stop sourcing Israeli goods.
