Third-party vendor involved in customer data breach, Co-operative Group admits

The Co-operative Group said the information was non-sensitive as defined by the UK’s Data Protection Act. The data did not contain any bank account details, National Insurance numbers, health details, telephone numbers or emails, it stressed.

"As a result of an error at a company which provides technical support services to Co-operative Life Planning (CLP), the security of some data was lowered," the group said in a statement quoted by Information Age. "We take our responsibilities to our customers extremely seriously and we have written to all the approximately 83,000 customers affected."

The UK's Information Commissioner's Office (ICO) said that it had been notified about the breach and would be investigating. "We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken," the agency was quoted as saying by V3.co.uk.

Commenting on the breach, Ross Brewer, management director of international markets with log and security event management firm LogRhythm, said that the “Co-operative Group security breach is further proof of the way that third parties can expose organizations to online threats. If these service providers are going to have access to data, then it is essential they are subject to at least the same level of security as the company procuring their services.”
