# Co-op Hit by Cyberattack as Hackers Stolen Customer Data
The UK supermarket chain Co-op has confirmed that hackers were able to access and extract customer data from one of its systems during a recent cyberattack.
The company stated in a statement on Friday that the accessed data included information relating to a significant number of its current and past members, including names and contact details. However, it did not include members' passwords, bank or credit card details, transactions, or information related to any products or services with the Co-op Group.
This revelation comes as a cybercrime gang known as "DragonForce" took credit for a series of attacks targeting Co-op and at least two other British retailers over the last two weeks. The group claimed that its motivation was to extort money from their victims, adding that they had stolen customer data.
"We are continuing to experience sustained malicious attempts by hackers to access our systems," said Co-op in a statement. "This is a highly complex situation."
The attack on Co-op follows a similar campaign of attacks targeting Marks & Spencer and Harrods, which the DragonForce gang claimed were part of its disruptive campaign.
Marks & Spencer first announced that it had been targeted in a cyber incident on April 22, with some of the company's systems infected with DragonForce's ransomware. The company has since stopped accepting contactless payments and shut down online orders, with transactions yet to resume.
There have also been reports of gaps on shelves as the company struggles with availability for some items.
In a post on X on Friday, Marks & Spencer Chief Executive Officer Stuart Machin apologized for the disruption, saying that the company is working "day and night" to resolve the issue.
Co-op had previously detected attempts to gain unauthorized access to some of its systems, which it said had a "small impact" on some back office and call center services. The retailer has been investigating along with UK authorities.
Harrods Ltd also disclosed that it had suffered attempts to compromise its systems, with the company restricting internet access at its sites in response.
The creators of DragonForce operate like a criminal cartel, leasing out their malicious software and infrastructure to other hackers while taking a cut of any proceeds earned through extortion. Hackers working with DragonForce claimed more than 90 victims last year and targeted companies across various industries, including healthcare, manufacturing, and telecommunications.
The attacks spanned more than a dozen countries across North America, Europe, the Middle East, and Asia, according to cyber experts. The group's spokesperson declined to comment on whether they were negotiating with the British retailers.
"We just take some money and walk away," said the gang's spokesperson. "Our job is not to destroy, but to extort."
The group claimed that it was in the process of harvesting a large trove of data, amounting to terabytes, that it had stolen from the British companies, and suggested that it would release it online if its demands for payment are not met.
Some cybersecurity experts have said that the attacks bore the hallmarks of a hacking group known as Scattered Spider, whose previous targets included MGM Resorts International and Caesars Entertainment Inc. It's possible that Scattered Spider is working with DragonForce and using its ransomware, according to John Hultquist, chief analyst at Google Threat Intelligence Group.
The threat is imminent, warned Hultquist. "So the peers of the companies that have been targeted need to really batten down the hatches."