Co-op chief executive Shirine Khoury-Haq has made it clear she will not resign in the wake of a catastrophic cyberattack that saw the personal data of all 6.5 million members stolen in April 2025.
Facing intense scrutiny, Khoury-Haq described the breach as a heartbreaking moment for the cooperative, telling BBC Breakfast she was devastated that information was taken and that it hurt her members and customers personally.
The attack, attributed to the hacker group Scattered Spider, exploited vulnerabilities in Co-op’s IT systems, leading to internal chaos, empty store shelves, and a crisis of trust for one of the UK’s most prominent retailers.
Khoury-Haq confirmed that hackers had stolen names, addresses, and contact details, but they did not access any financial or transaction information. The breach was discovered in time to prevent ransomware deployment, but the hackers had already copied the full member list before the co-op’s IT teams locked them out.
Recovery efforts are ongoing, and while Khoury-Haq says the business is nearing a full and complete recovery, the long-term reputational damage will be harder to repair.
Why is the Co-op CEO staying on after the breach?
Khoury-Haq, appointed permanently as CEO in 2022 after serving as chief financial officer, is the first female leader in the Co-op’s 160-year history. She brings a global corporate pedigree, having held senior roles at Lloyd’s of London, Catlin, IBM, and McDonald’s.
People view her methodical, transparent, and long-term stability-focused leadership style as crucial for navigating the crisis. Facing calls for accountability, Khoury-Haq has chosen to confront the breach directly, vowing to restore confidence rather than stepping aside.
Did you know?
Co-op CEO Shirine Khoury-Haq is the first woman to lead the 160-year-old cooperative, bringing a global finance and operations background from Lloyd’s of London, McDonald’s, and IBM before joining the Co-op in 2019.
How will Co-op rebuild trust with members and staff?
The cooperative’s unique business model, owned by its members, makes the breach especially painful. Khoury-Haq has described the attack as personal, acknowledging the breach cut deep into Co-op’s identity as an ethical, community-focused business.
Immediate steps include a cybersecurity overhaul, increased investment in digital defenses, and a partnership to recruit young tech talent into ethical cybersecurity careers.
Co-op is actively restoring its paralyzed back-end systems and keeping its members informed throughout the investigation.
ALSO READ | China’s Largest Corporations Plunge into Record Losses, Triggering Economic Fears
What was the scale and impact of the breach?
The attack is among the largest in UK retail history, affecting every Co-op member. Unlike some previous breaches, no ransom was demanded, but the sheer volume of personal data stolen leaves members vulnerable to phishing, fraud, and identity theft.
The disruption spilled into the physical world, with reports of empty shelves and payment issues in stores as internal systems faltered. No financial data was taken, but experts warn that the stolen contact details could be used in follow-on attacks against both individuals and other organizations.
Are other UK retailers at risk?
The Co-op breach was part of a broader wave of attacks on UK retail, which also targeted Marks & Spencer and Harrods. The arrest of four suspects, all young adults, in connection with the incidents highlights the changing demographics of cybercrime.
As hackers pivot toward industries holding vast amounts of consumer data, experts urge all organizations to adopt proactive cybersecurity strategies. Individuals cannot rely solely on trust when dealing with large enterprises; they remain vulnerable, and companies must improve data protection.
The financial impact on Co-op remains unquantified, but the company’s lack of cybersecurity insurance could leave it exposed to heavy losses. Meanwhile, Khoury-Haq’s leadership will face its toughest test yet as she steers the cooperative through recovery, regulatory scrutiny, and the arduous task of rebuilding member trust in the digital age.
In her own words, Khoury-Haq says she is incredibly sorry for what happened but committed to leading the cooperative forward: It’s awful to have happened, and that’s why we feel like we have to do something positive now.
Comments (0)
Please sign in to leave a comment
No comments yet. Be the first to share your thoughts!