The Co-operative Group has confirmed that a cyberattack in April resulted in the theft of personal data belonging to all 6.5 million of its members. Chief Executive Shirine Khoury-Haq told the BBC she is “incredibly sorry,” adding that the compromised information includes names, addresses and other contact details, but no payment card or transaction records. Co-op said it isolated parts of its IT network once the intrusion was detected, preventing the attackers from deploying ransomware and preserving trading across its grocery stores and funeral homes. The retailer warned members to remain vigilant against phishing attempts and acknowledged that empty shelves and payment glitches followed the shutdown of some systems. The National Crime Agency last week arrested four people aged 17 to 20 in connection with the attacks on Co-op, Marks & Spencer and Harrods; all were released on bail pending further investigation. In response to the breach, Co-op has launched a partnership with social-impact firm The Hacking Games to steer young cyber talent into legitimate careers and strengthen the UK’s defences against similar incidents.