Co-op cyber attack affects customer data, company admits

Cyber criminals have told BBC News that the recent hack against the Co-op is significantly more severe than the company has publicly acknowledged.

The group, identifying themselves as DragonForce, contacted the BBC with what they claim is proof of deep infiltration into Co-op’s IT networks and the theft of vast amounts of customer and employee data.

This revelation sharply contradicts the Co-op’s initial statements. Following the announcement of the cyber attack on Wednesday, a spokesperson had described the impact as “small” and assured the public that there was “no evidence that customer data was compromised.” However, after being approached by the BBC on Friday, the Co-op conceded that hackers “accessed data relating to a significant number of our current and past members.”

DragonForce claims to possess the private information of 20 million Co-op membership holders, a figure the company has so far declined to confirm. The hackers provided the BBC with samples of stolen data, including employee usernames and passwords, as well as customer details such as names, addresses, email addresses, phone numbers, and Co-op membership card numbers. The BBC has confirmed the authenticity of the samples but has destroyed the data and will not publish or share it.

The group also asserted responsibility for the ongoing cyber attack on M&S and an attempted hack of Harrods. These incidents have prompted government minister Pat McFadden to issue a stark warning to businesses, urging them to treat cyber security as an “absolute priority.”

Government officials have convened to discuss the escalating cyber threats with McFadden expected to outline further government action later this week, emphasizing the need for businesses to fortify their digital defenses as a critical priority

Says Lisa Webb, Which? Consumer Law Expert:

“Co-op shoppers will understandably be worried that their data has fallen into the hands of hackers who might try to exploit it, so it is vital that Co-op provides clear and timely updates to affected customers and supports them in taking steps to protect themselves.

“Anyone concerned they could be affected should keep a close eye on bank accounts and credit reports for suspicious activity. Also be wary of unexpected phone calls, emails or fake ‘customer support’ messages popping up on social media regarding the breach, as scammers might try to take further advantage of this cyber attack.”