Co-op reveals customers’ private details were stolen in cyber attack which forced IT system to shut down
C0-OP customers had their private data stolen in the cyber attacks against the company's computer system.
Personal details such as names, contact information and dates of birth of a "significant number" of customers and past members were compromised, the brand said.
However, the shop said that members' passwords, credit card details, and transaction information were not leaked.
The high-street retailer revealed "malicious" hacking attempts were ongoing, and said it is dealing with a "highly complex" situation.
Cyber criminals managed to extract the data from one of the shop's systems, forensic investigations revealed.
The National Crime Agency and National Cyber Security Centre are investigating the breach.
read more in money
The true scale of the damage was only brought to light after hackers contacted the BBC with evidence they had stolen customer data.
Customers were assured the shop has implemented measures to "minimise disruption".
A statement from the company said: "We appreciate that our members have placed their trust in our Co-op when providing information to us.
"Protecting the security of our members' and customers' data is a priority, and we are very sorry that this situation has arisen."
Most read in Money
The latest revelation comes two days after the brand was forced to shut down its IT systems in the face of hacking attempts.
Confirming the breach to its staff, execs said they had "taken proactive steps to keep our systems safe".
This included restricting access to certain systems, impacting some back-office functions and call centre services.
According to one source, the shutdown resulted in the closure of virtual desktops across the organisation, disrupting several behind-the-scenes operations reliant on head office support, such as stock updates.
Marks and Spencers was also targeted last week by a "cyber incident" which sparked an outage.
Customers were turned away at tills after contactless payments and click-and-collect orders were affected.
In a statement, M&S Chief Executive Stuart Machin warned shoppers of some "small changes" to store operations.
Co-op statement on hack attack
"WE are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC and the NCA.
"We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners.
"As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems.
"The accessed data included information relating to a significant number of our current and past members.
"This data includes Co-op Group members' personal data such as names, contact details and dates of birth, and did not include members' passwords, bank or credit card details, transactions or information relating to any members' or customers' products or services with the Co-op Group.
"We appreciate that our members have placed their trust in our Co-op when providing information to us. Protecting the security of our members' and customers' data is a priority, and we are very sorry that this situation has arisen."