
Co-op hackers stole large amount of customer data

Cybercriminals have told the BBC that their recent breach of the Co-op’s systems is significantly more serious than what the company has revealed publicly.

The hackers provided the BBC with evidence showing they had penetrated the Co-op’s IT networks and exfiltrated large volumes of sensitive data, including information on both customers and employees.

In response to the BBC’s inquiry on Friday, a Co-op spokesperson acknowledged that the attackers had “accessed data relating to a significant number of our current and past members.”

The cyber criminals behind this attack claim to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the Co-op would not confirm that number. The criminals, who are using the name DragonForce, say they are also responsible for the ongoing attack on M&S and an attempted hack of Harrods.

The BBC said that on Thursday it was revealed that Co-op staff were being urged to keep their cameras on during Teams meetings, ordered not to record or transcribe calls, and told to verify that all participants were genuine Co-op staff. These security measures appear to be a direct result of the hackers having access to internal Teams chats and calls.

DragonForce shared databases with the BBC that include usernames and passwords of all employees. They also sent a sample of 10,000 customers’ data, including Co-op membership card numbers, names, home addresses, emails and phone numbers. The BBC has destroyed the data it received, and is not publishing or sharing these documents.

DragonForce wanted the BBC to report this hack as they are apparently trying to extort the company for money.

A message on the Co-op website from its CEO reads as follows:

Dear Co-op Member-Owners,

I am writing to update you following the recent cyber-attack on our Co-op and its systems.

Those who have been attacking our Co-op and our systems were able to access a limited amount of member data, which included name, date of birth and contact details, but they have not been able to access any members’ financial information.

Passwords have not been compromised and we are not asking members to do anything differently. However, we do recommend that members take the usual steps to keep their passwords safe.

While we have been able to protect our Co-op from significant trading disruption, which is often the intent of these sorts of attacks, I am very sorry that this member information was accessed. While there is no impact to your account, and you can continue to trade with us as normal, I appreciate that members will be concerned.

Our amazing colleagues are doing everything they can to continue to deliver the service you would expect from us and I am grateful to them, and to our member-owners for your continued support.

We will continue to take action to protect our members and our Co-op. I will be back in touch if any further action is needed.

Thank you for your understanding and support.

Shirine

For readers outside the UK who don’t know who the Co-op are: the Co-operative Group, commonly known as the Co-op, is one of the UK’s largest consumer co-operatives, owned and democratically controlled by its members. It has 2,400 convenience stores around the UK. Established in 1844 by the Rochdale Society of Equitable Pioneers, the Co-op has grown into a diverse business group.

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.
