Co-op Cyber Attack Affects Customer Data, Firm Admits, After Hackers Contact BBC

The Co-operative Group, a leading UK retailer with over 2,500 supermarkets, 800 funeral homes, and an insurance business, has confirmed that it has been targeted by hackers. The cyber attack, which was announced on Wednesday, has resulted in the theft of customer data, including names, contact details, and membership card numbers, according to a spokesperson for the company.

The hackers, who claim to be part of the notorious ransomware group DragonForce, have contacted the BBC with proof that they had infiltrated the Co-op's IT networks. The cyber criminals say they have stolen data from 20 million people who signed up to Co-op's membership scheme, but the firm would not confirm this number.

The hackers, who are using the name DragonForce, claim to be responsible for the ongoing attack on Marks & Spencer (M&S) and an attempted hack of Harrods. They also shared databases with the BBC that include usernames and passwords of all employees, as well as a sample of 10,000 customers' data.

Co-op staff were being urged to keep their cameras on during Teams meetings, ordered not to record or transcribe calls, and told to verify that all participants were genuine Co-op staff. This security measure now appears to be a direct result of the hackers having access to internal Teams chats and calls.

The cyber attack has led government minister Pat McFadden to warn companies to "treat cyber security as an absolute priority." He said in a keynote speech that the attacks need to be a "wake-up call" for every UK business, highlighting the importance of protecting customer data and preventing future breaches.

"In a world where the cybercriminals targeting us are relentless in their pursuit of profit - with attempts being made every hour of every day - companies must treat cyber security as an absolute priority. We've watched in real-time the disruption these attacks have caused - including to working families going about their everyday lives. It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work, we have to treat our digital shop fronts the same way," McFadden said.

The BBC has destroyed the data it received from DragonForce and is not publishing or sharing these documents. However, experts say that the tactics seen in this attack are similar to those of a loosely coordinated group of hackers known as Scattered Spider or Octo Tempest.

DragonForce operates an affiliate cyber crime service, which allows anyone to use their malicious software and website to carry out attacks and extortions. The gang is English-speaking and young, with some security experts suggesting that the tactics used are similar to those of a loosely coordinated group of hackers who operate on Telegram and Discord channels.

The hackers claim to be trying to extort the Co-op for money, but they refused to talk about M&S or Harrods when asked about their plans. They also refused to answer questions about how they feel about causing so much distress and damage to business and customers.

Co-op has more than 2,500 supermarkets as well as 800 funeral homes and an insurance business. It employs around 70,000 staff nationwide. The cyber attack was announced by the company on Wednesday, and since being contacted by the BBC, the firm has disclosed the full extent of the breach to its staff and the stock market.

Lessons for M&S from Other Cyber Attacks

The cyber attacks on Co-op and other retailers highlight the importance of prioritizing cyber security. M&S has been hit by a recent cyber attack, with hackers demanding £4 million in ransom. The company's experience can serve as a warning to others, highlighting the need for robust cyber security measures.