Pierluigi Paganini
May 03, 2025
The attackers behind the recent Co-op cyberattack, who go online with the name DragonForce, told the BBC that they had stolen data from the British retail and provided proof of the data breach.
Hackers shared screenshots with BBC of their first extortion message to Co-op’s cyber chief via Microsoft Teams on 25 April. They also called the head of security at the company around a week ago.
Initially, the company declared that there was “no evidence that customer data was compromised”.
However, the British consumer co-operative owned Co-op later confirmed that threat actors accessed data belonging to current and past members, BBC reported.
“The cyber criminals claim to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the firm would not confirm that number.” reads the post published by BBC.
The DragonForce group also claimed the attack on M&S and told BBC that they have attempted to hack Harrods.
The threat actors accessed the company’s internal Teams, leaked staff credentials and 10,000 customer records containing Co-op membership card numbers, names, home addresses, emails, and phone numbers. BBC pointed out that after having verified data, they destroyed it.
“This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group,” a spokesperson told BBC.
DragonForce ransomware group scrambles victims’ data and demands a ransom; they are also known to steal victims’ data. DragonForce runs a cybercrime affiliate service, letting affiliates use its tools to launch attacks and extort victims. The group manages both Telegram and Discord channels, cybersecurity experts believe it is composed of English-speaking teenagers.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
