Manchester, England — A group of cybercriminals has disclosed that their recent hack of the Co-op supermarket chain is significantly more extensive than the company has publicly acknowledged. The hackers, who identify themselves as DragonForce, claim to have compromised both customer and employee data, alleging access to sensitive information pertaining to approximately 20 million members of Co-op’s loyalty program.
In a statement issued after the hackers contacted a news outlet, Co-op confirmed unauthorized access to data related to a considerable number of its current and former members. While the company previously characterized the incident as having a minor operational impact and asserted that there was no evidence of customer data being compromised, the hackers presented proof of their intrusion, including screenshots of internal communications.
The breach raises serious concerns about the actual volume of data at risk, as well as the effectiveness of Co-op’s security measures. Following the company’s disclosure of the attack, security protocols have been heightened, with staff advised to maintain video feeds during virtual meetings and to ensure that all participants are verified as legitimate employees. This precaution appears to be a direct response to the hackers’ access to internal discussions.
DragonForce has claimed responsibility for other recent cyber incidents, including an attack on Marks & Spencer and an attempted breach of Harrods. They provided a sample of stolen data to demonstrate the gravity of their claims, including personal details of thousands of Co-op members, such as names, home addresses, and email addresses. The company has since emphasized that the hacked data does not include sensitive information like passwords or financial details.
As the cybercriminal group seeks to extort the grocery chain, they have expressed a desire for increased media attention on the hack, although they have remained elusive about their intentions should their demands not be met. Experts in cybersecurity have noted that DragonForce operates an affiliate system, enabling others to utilize their tools for cyber attacks, a practice that complicates efforts to trace the origin of the attacks.
While Co-op has reported the breach to national authorities, including the National Cyber Security Centre and the National Crime Agency, the incident highlights the emerging threat of ransomware and cyber extortion schemes targeting major corporations. It is still unclear who is behind the DragonForce operations, but the tactics employed have been associated with a loosely organized group dubbed Scattered Spider or Octo Tempest, indicating a potentially widespread problem within the digital security realm.
As this situation unfolds, the implications for Co-op’s reputation and operations remain uncertain. The incident serves as a stark reminder of the vulnerabilities that even large retailers face in an increasingly interconnected world, prompting further scrutiny of corporate cybersecurity practices.