In recent news, the Co-operative Group, commonly known as Co-op, has confirmed a significant cyber breach that has resulted in the theft of a considerable amount of customer data. Cyber criminals who have named themselves DragonForce contacted BBC News with claims that they had infiltrated Co-op’s IT networks, stealing vast troves of information pertaining to both customers and employees. This has raised serious concerns about the effectiveness of the company’s cybersecurity measures.
A representative from Co-op acknowledged on Friday that this incident involved the compromise of data related to a substantial number of current and former members of its membership scheme. The company had initially downplayed the situation, suggesting that it had taken proactive steps to mitigate the attack and asserting that it had only a minor impact on its operations. It further reassured the public by claiming that there was no evidence to suggest that customer data had been compromised, a stance that now seems contentious following the revelations brought forth by the hackers.
The hackers claim to possess sensitive information about 20 million individuals associated with Co-op’s membership program, a figure the company has not confirmed. Upon being contacted by the BBC, the organization updated its staff and the stock market regarding the full extent of the breach. DragonForce circulated screenshots of their communications, demonstrating their engagement with Co-op’s cybersecurity head via an internal Microsoft Teams message sent on April 25. The hackers claimed, “Hello, we exfiltrated the data from your company,” and stated they had the customer database and Co-op member card data at their disposal.
With the disclosure of the incident, Co-op has adopted more stringent internal security measures. Staff members are now required to keep their cameras activated during Teams meetings and have been instructed against recording or transcribing calls. This decision appears to be a direct response to the hackers’ access to internal communications, causing further alarm among employees.
The situation escalated as DragonForce also shared databases that purportedly included usernames and passwords of Co-op employees. Additionally, they provided a sample of customer data, which encompasses Co-op membership card numbers, personal addresses, emails, and phone numbers. The BBC has destroyed any data it received during its communication with the hackers and has not circulated this information.
DragonForce is a notorious ransomware group, known for encrypting victims’ data and then demanding a ransom for its retrieval. It operates an affiliate cybercriminal service, making it possible for various attackers to use its resources for extortion. The actual individuals behind these attacks remain unidentified, but their operational methods appear to align with those of a loosely organized cohort of hackers dubbed Scattered Spider or Octo Tempest.
DragonForce conducts its operations through communication platforms like Telegram and Discord, often involving younger members, sometimes even teenagers. The spokesperson for this group, who demonstrated fluency in English during their interactions with the press, has shown no willingness to discuss the wider implications of their actions on businesses and consumers alike. Co-op has mentioned that it is collaborating with the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) to address the situation and has expressed regret over the occurrence of this breach.
It is essential to note that although DragonForce seeks media attention to highlight their actions and potentially extort Co-op, they have not said what they intend to do with the stolen data if their demands are not met. The Co-op data breach serves as a reminder of the vulnerabilities even well-established organizations face from increasingly sophisticated cyber threats in today’s digital landscape.