Cyber Incident Member FAQs

Co-op Cyber Incident FAQ

Earlier this year, Co-op was targeted in a cyber attack. We acted quickly to respond and want to make sure our members can find the latest information.

1. What happened?

  • We experienced a cyber incident where malicious third parties attempted to access our systems.
  • As part of this, the criminal attackers were able to copy some data from one of our systems.
  • We took early and decisive action to protect our Co-op, including restricting access to some systems. This helped contain the issue, prevent further data being accessed and protect our wider organisation.
  • We’ve worked closely with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) throughout our investigation and have strengthened our security as a result.

2. What information was accessed?

  • The data which was extracted includes Co-op Group members’ personal data such as names, contact details (residential address, email address and phone number) and dates of birth. The following was not extracted: members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.

3. Has my Co-op password been accessed or compromised?

  • No. Member passwords were not stored in the affected system and we do not believe that they have been compromised.

4. Are you offering compensation?

  • We deeply regret that criminals were able to copy members’ personal data.
  • While this didn’t include sensitive information like passwords or bank details, we understand the concern.
  • Given the limited nature of the data and the very low risk of harm, we’re not offering compensation. However, we’ve continued to give members great value, through member prices and offers like our £10 off £40 thank you.

5. What should I do right now?

  • You don’t need to take any action unless we contact you directly.
  • Just be cautious of suspicious emails or phone calls and never share personal or banking details unless you’re sure who you’re speaking to.
  • You can find guidance on staying safe online from the National Cyber Security Centre [here](https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online).

6. Why didn’t I get an email from Co-op about the cyber attack?

  • We emailed members who had told us they wanted to receive communications from us and for whom we held a valid email address.
  • If you didn’t get a message, it may be because you’d opted out of emails, we didn’t hold an up-to-date address for you, or the email went to your junk or spam folder.
  • You can check or update your preferences by logging into your online account.

7. Can I still use my membership card and app?

  • Yes. Your membership is active and secure. You can continue to earn and spend rewards as usual.

8. Will this stop me receiving offers or emails from Co-op?

  • No. Your contact preferences are unchanged. If you’d like to update them, you can do so via your online account or by contacting us.

9. Is member data from other co-operative societies impacted?

  • There is no impact on the data of members of other co-operative societies, which are run separate from the Co-op Group.