Co-op Group chief executive Shirine Khoury-Haq has apologised to all six and a half million of the group’s members after revealing that their personal data, apparently limited to names, addresses and other contact details, was stolen in a Scattered Spider cyber attack against its systems.
The attack, which unfolded in parallel with incidents at Marks & Spencer (M&S) and Harrods earlier this year, saw cyber criminals penetrate key IT systems causing disruption that spilled over into the physical world as store shelves emptied. It quickly emerged that Co-op member data had been impacted but the full scope of the breach is only now being revealed.
Four people were arrested on suspicion of involvement in the cyber attacks last week, although they have now been bailed pending further investigation.
“I am incredibly sorry,” said Khoury-Haq during an appearance on BBC Breakfast. “It’s awful to have happened, that’s why we feel like we have to do something positive now.”
Khoury-Haq said the attack had felt like a personal one because it hurt customers, members and colleagues, but expressed relief that Scattered Spider had been caught and evicted from the retailer’s systems before they could deploy ransomware.
Jez Goldstone, cyber security expert at innovation and business development network Label Sessions, said: “Individuals cannot rely on mere trust when dealing with large enterprises. They are vulnerable and they are not doing enough to protect your data.
“Unfortunately, these breaches only add to the mountain of already breached data – billions of identities are already traded on the Dark Web. It costs next to nothing to obtain compromised identities.
“Unfortunately, you can’t put the horse back in the stable,” said Goldstone, “but you can, firstly, demand stronger protections from regulators and the organisations you do business with. And, secondly, be aware of scams that try to get you to take urgent action because of some seemingly credible threat – real companies don’t put you under pressure.”
Hacking partnership
Following its experience at the hands of cyber criminal hackers, Co-op has also teamed up with social impact business The Hacking Games to try to prevent future cyber attacks by identifying potential talent, especially among teenage boys, and channelling it into legitimate career paths.
The youth of Scattered Spider’s members has frequently been remarked upon in coverage of the group, with many of its operatives believed to be minors. One of the individuals arrested last week was aged just 17, and all four of the men indicted in the US over the gang’s activities last year are in their early 20s.
Co-op said there was an urgent need to engage young people and inspire then to follow ethical security careers in a sector that faces a constant skills shortfall. As such, it said, The Hacking Games, which was purposely set-up to try to tackle address the link between talented but unengaged young people and cyber crime by connecting the security community to unconventional talent – particularly neurodivergent individuals living with ADHD and/or autism – makes an ideal partner.
Its partnership will draw on Co-op’s nationwide presence and ethical, community-driven business approach and The Hacking Games’ knowledge and expertise in the area to reach into Britain’s schools – starting with 38 institutions that operate within the Co-op Academies Trust. Looking ahead, the ambition is to develop a longer-term plan that could be rolled out across the entire UK education system, supporting engagement, targeted student and parent training, and future careers opportunities.
“At Co-op, we can’t just stand back and hope it doesn’t happen again – to us or to others. Our members expect us to find a cooperative means of tackling the cause, not just the symptom,” said Khoury-Haq.
“Our partnership with The Hacking Games lets us reach talented young people early, guide their skills toward protection rather than harm, and open real paths into ethical work. When we expand opportunity we reduce risk, while having a positive impact on society.”
Fergus Hay, Co-founder and CEO of The Hacking Games, added: “There is an incredible amount of cyber talent out there – but many young people don’t see a path into the industry, or simply don’t realise their skills can be used for good. This partnership with Co-op will help unlock that potential. It’s about giving people the opportunity to do something positive, showing that their talents are valued and creating a generation of ethical hackers to make the world safer.”
This post is exclusively published on eduexpertisehub.com
Source link
