Pierluigi Paganini
September 28, 2025
In May, the cybercrime group behind the April Co-op cyberattack, who go online with the name DragonForce, told the BBC that they had stolen data from the British retail and provided proof of the data breach.
Hackers shared screenshots of their first extortion message to Co-op’s cyber chief via Microsoft Teams on 25 April. They also called the head of security at the company around a week ago.
Initially, the company declared that there was “no evidence that customer data was compromised”.
However, the British consumer co-operative owned Co-op later confirmed that threat actors accessed data belonging to current and past members, BBC reported.
“The cyber criminals claim to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the firm would not confirm that number.” reads the post published by BBC.
The DragonForce group also claimed the attack on M&S and told the BBC that they had attempted to hack Harrods.
Now the Co-op retail chain confirmed that the cyberattack it suffered in April caused a $275M (£206 million) revenue loss.
The company said its food business took the hardest hit from April’s cyberattack, with stock shortages lasting weeks. The company avoided ransomware lockdown by disconnecting networks, but 6.5M members still had data stolen.
“The data which was extracted includes Co-op Group members’ personal data such as names, contact details (residential address, email address and phone number) and dates of birth. The following was not extracted: members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.” states the company in the FAQs page.
“Given the limited nature of the data and the very low risk of harm, we’re not offering compensation. However, we’ve continued to give members great value, through member prices and offers like our £10 off £40 thank you.”
In July, the British National Crime Agency (NCA) arrested four individuals in the country following an investigation into the recent wave of attacks targeting Co-op, M&S, and Harrods.
On July 10, Law enforcement arrested 4 youths, aged 17–20, in London and West Midlands, the police also seized their devices for evidence. One suspect is Latvian.
“Four people have been arrested in the UK as part of a National Crime Agency investigation into cyber attacks targeting M&S, Co-op and Harrods. Two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands and London this morning (10 July) on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.” reads the press release published by NCA. “All four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis.”
The four suspects faced charges of Computer Misuse Act offenses, blackmail, money laundering, and participation in organized crime.
In June, the Cyber Monitoring Centre (CMC) labeled the cyberattacks on Marks & Spencer and Co-op as a Category 2 systemic event, estimating losses between £270M and £440M.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware attack)
Uncategorized / September 27, 2025
Hacking / September 27, 2025
