The Co-op has admitted that a cyber attack compromised customer data after hackers contacted the BBC with proof of their infiltration. The hackers, identifying as DragonForce, claim to have stolen significant amounts of customer and employee data from the Co-op’s IT networks. Initially, the Co-op stated that the breach had only a small impact on operations and no customer data was compromised. However, following the disclosure by the hackers, the company acknowledged that a substantial number of current and past members were affected.
DragonForce claims to possess private information of 20 million people who signed up for Co-op’s membership scheme, though the firm has not confirmed this figure. The hackers also assert responsibility for attacks on Marks & Spencer and an attempted breach at Harrods. They provided the BBC with screenshots of internal communications with Co-op’s cybersecurity head and shared databases containing employee credentials and a sample of 10,000 customer records.
Co-op employs approximately 70,000 staff across its 2,500 supermarkets, 800 funeral homes, and insurance business. Following the attack announcement, the company implemented stricter security measures, including verifying participants in Microsoft Teams meetings. The hackers are attempting to extort money from the Co-op but have not said what they will do if their demands are not met.
DragonForce is a ransomware group known for encrypting victims’ data and demanding ransoms for decryption keys. It operates an affiliate cybercrime service, allowing others to use its tools for attacks. Security experts suggest the attackers may be part of Scattered Spider (also known as Octo Tempest), a group of English-speaking hackers, some of them as young as their teens.
Co-op is cooperating with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) and has apologized for the situation.
— news from BBC