
The Co-op Group has admitted that personal data of a “significant number” of its members was stolen in a recent cyberattack, after hackers contacted BBC News with damning proof of the breach. The attackers, identifying themselves as the ransomware group DragonForce, claim the attack is far more severe than Co-op initially admitted.
Co-op, which had previously said there was “no evidence that customer data was compromised,” now confirms that the cyber criminals accessed internal IT systems and stole names, addresses, emails, and membership card numbers of current and former members.
Hackers Reveal Evidence to the BBC
DragonForce shared screenshots of internal Microsoft Teams messages and video calls, including an extortion message sent to Co-op’s head of cybersecurity on April 25. The group claimed to have exfiltrated internal databases containing sensitive customer and employee data.
“Hello, we exfiltrated the data from your company. We have customer database, and Co-op member card data,” the hackers wrote.
They also sent a sample dataset of 10,000 customers, including names, home addresses, phone numbers, emails, and membership numbers. The BBC verified the authenticity of the files but destroyed the data and has not published it.
Scope of the Breach and Internal Measures
While DragonForce claims to have stolen data from up to 20 million Co-op members, the company has not confirmed that figure. In an updated statement to the stock market and staff, Co-op disclosed that the breach affects “a significant number” of people and that it is now working with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
Security protocols have been stepped up across Co-op’s operations, including ordering employees to keep cameras on during Teams calls, avoid call transcriptions, and verify participants. These changes appear to be a direct response to the hackers’ access to internal communications.
DragonForce and Broader Cyber Threats

DragonForce is a ransomware gang known for combining data theft with extortion. The group operates a ransomware-as-a-service model, allowing affiliates to use its software for attacks. According to cybersecurity analysts, its tactics resemble those used by Scattered Spider or Octo Tempest: English-speaking, loosely organized cybercriminals, often tech-savvy teenagers, who operate on platforms like Telegram and Discord.
The hackers told the BBC they are “putting UK retailers on the Blacklist” and referred to themselves using aliases from the TV show The Blacklist: “Raymond Reddington” and “Dembe Zuma.”
Potential Fallout and Public Response
Co-op has over 2,500 supermarkets, 800 funeral homes, and an insurance arm, with around 70,000 employees nationwide. While the company says no banking or transaction data was stolen, the exposed personal details are still considered highly sensitive and valuable for identity theft or phishing scams.
Government minister Pat McFadden emphasized the need for all businesses to treat cybersecurity as “an absolute priority.”
As investigations continue, the incident underscores the evolving sophistication of ransomware threats and the urgent need for tighter corporate cyber defences in the UK retail sector.
‘Wake-up call’
UK government officials have met over the cyber attacks, with national security staff and the chief executive of the National Cyber Security Centre discussing support for retailers.
In a keynote speech next week setting out government action, minister Pat McFadden – who has responsibility for cyber security – will say the attacks need to be a “wake-up call” for every UK business.
“In a world where the cybercriminals targeting us are relentless in their pursuit of profit – with attempts being made every hour of every day – companies must treat cyber security as an absolute priority.
“We’ve watched in real-time the disruption these attacks have caused – including to working families going about their everyday lives.
“It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work, we have to treat our digital shop fronts the same way.”