In This Article:
The Co-op has been forced to admit that a cyber attack was worse than it had previously claimed.
The retailer said on Friday that cyber criminals have stolen data on a “significant” number of its members, having previously claimed the attack only had a “small impact” on its operations.
A criminal hacking gang known as DragonForce took responsibility for the attack as well as similar attacks on Marks & Spencer and Harrods.
The gang told the BBC they had stolen the private information of 20m people who signed up to the Co-op’s membership scheme – forcing the retailer to admit the hack was worse than feared.
The Co-op would not say exactly how many people’s data had been stolen when asked for clarification by The Telegraph.
When the Co-op initially confirmed the cyber attack, it claimed it was only having a “small impact to some of our back office and call centre services”.
The hackers reportedly showed the BBC screenshots of emails they sent to the retailer’s cyber security director on April 25.
Hackers ‘accessed and extracted data’
A spokesman for the Co-op said on Friday it was “continuing to experience sustained malicious attempts by hackers to access our systems” as it works with government cyber security experts to try and limit the damage of the attack”.
They added: “As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems. The accessed data included information relating to a significant number of our current and past members.
“This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.”
It has called in both the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) as it battles the cyber attack, which followed a similar hack on Marks & Spencer, which has thrown the upmarket grocer into chaos. A third attack on Harrods followed on Thursday.
A spokesman for DragonForce also told Bloomberg they wanted to extort money from the retailers it targeted.
Marks & Spencer has been badly affected and was forced to stop accepting contactless payments and shut down online orders in the wake of the attack. Customers have also been faced with empty shelves.
The retailer’s systems were reported to have been affected by DragonForce’s ransomware, which encrypts computer files, rendering them effectively useless.
The Co-op spokesman added: “We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners.
“We appreciate that our members have placed their trust in our Co-op when providing information to us. Protecting the security of our members’ and customers’ data is a priority, and we are very sorry that this situation has arisen.”