
The Co-op Group has acknowledged a substantial data breach in a cyberattack that was reportedly perpetrated by the DragonForce group. The admission comes after the UK-based retailer initially downplayed the severity when it announced last week that it had shut down parts of its IT systems after detecting an attempted network intrusion.
“As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems,” Co-op said in the latest statement. “The accessed data included information relating to a significant number of our current and past members.
“This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.”
The Co-op Group is currently working with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to investigate the breach, the statement added.
DragonForce ransomware group behind the attack
According to a report by BBC News, the DragonForce ransomware affiliates are responsible for the attack on Co-op. The hackers contacted the publication and claimed responsibility for the incident. They also stated that they are behind the recent attack on Marks and Spencer (M&S) and similar attempts on Harrods.
Screenshots provided to the BBC depict the initial extortion message sent to Co-op’s head of cybersecurity, detailing the data exfiltration, which included customer databases and Co-op member card data.
DragonForce also shared samples of the stolen data, which included Co-op membership card numbers, names, addresses, emails, and phone numbers of 10,000 customers. The group is allegedly attempting to extort Co-op for money but has not disclosed its plans if the ransom is not paid.
DragonForce is known for encrypting victims’ data and demanding payment for decryption; its tactics also involve data theft as a form of leverage.
In response to these cyber threats, the British government is set to issue a warning to all UK companies emphasising the critical importance of cybersecurity. Cabinet Office Minister Pat McFadden, in a keynote speech at the CyberUK conference this week, will stress that ‘companies must treat cyber security as an absolute priority’.
This follows a briefing led by McFadden with national security officials and NCSC CEO Richard Horne, addressing recent cyber incidents and the expert support available to affected retailers.