Login
iscover
Share this article on:
Powered by MOMENTUMMEDIA
Powered by MOMENTUMMEDIA
Major UK retailer Co-op has confirmed that data belonging to a large number of current and former customers was exfiltrated by threat actors, while the DragonForce ransomware gang claimed responsibility for the incident.
Co-op is a democratically member-owned food retailer based in the UK. In addition to its 2,300 good stores, it also provides legal, insurance and funeral care services.
Co-op Group disclosed the cyber attack on Wednesday (30 April), saying that it had detected unauthorised users attempting to access its systems.
In a statement to BleepingComputer, Co-op confirmed that customer data was exfiltrated after threat actors accessed one of its systems.
“As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems,” said the retailer.
“The accessed data included information relating to a significant number of our current and past members.”
“This data includes Co-op Group members’ personal data, such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.”
Meanwhile, as reported by the BBC, the DragonForce ransomware gang claimed the Co-op cyber attack.
The DragonForce ransomware gang is believed to be linked to Malaysian hacktivists DragonForce Malaysia, though that appears to be entirely based on the name alone. The gang is, however, likely made up of non-native English speakers.
The group
BBC correspondent Joe Tidy was told by DragonForce that it was behind the incident. The DragonForce representative provided samples of customer and business data as evidence of the incident.
DragonForce has racked up 132 victims as of February since it was first observed in December 2023 and is ranked 136 in terms of total victim count. According to Broadcom, the group publicly claimed 93 victims in 2024 alone.
According to the threat actors, the data of 20 million Co-op membership rewards customers was exfiltrated. They also claimed to have contacted Co-op executives, including the head of cyber security on Microsoft Teams.
DragonForce’s claim also lines up with previous claims made regarding two other major UK retailers that were breached in recent weeks.
According to an investigation by Marks & Spencer (M&S), which was breached last month, Microsoft, CrowdStrike, and Fenix24, threat actor Scattered Spider was behind the M&S incident.
Scattered Spider, or Octo Tempest as Microsoft calls them, is a hacking group largely made of teenagers and young adults believed to be based in the UK and the US. The group reportedly deployed the DragonForce ransomware in the M&S attack.
The DragonForce ransomware gang is believed to be working with English-speaking threat actors with tactics in line with Scattered Spider.
Additionally, DragonForce also claimed the cyber attack on UK retailer Harrods.
Be the first to hear the latest developments in the cyber industry.
