Co-op concealed cyberattack: data of 20 million customers leaked

03 May 2025 , 06:49
944     0
Co-op concealed cyberattack: data of 20 million customers leaked
Co-op concealed cyberattack: data of 20 million customers leaked

A cyber attack on Co-op previously downplayed by bosses may have leaked up to 20,000,000 shoppers’ personal information.

The company on Wednesday announced hackers had broken into its IT network but said it took ‘steps to keep systems safe’ and that there was ‘no evidence that customer data was compromised’.

Today it admitted the attack was much worse than thought after the BBC reported it had seen a huge sample of customer data shared by the hackers.

Relating to ‘current and past’ members of its loyalty scheme, it includes names, home addresses, emails and phone numbers.

The BBC also reported seeing screenshots of an extortion message sent by the hackers to Co-op’s head of cyber security on April 25 – five days before the company’s announcement.

‘Hello, we exfiltrated the data from your company,’ the message reportedly said. ‘We have customer database, and Co-op member card data.’

In Wednesday’s announcement, a Co-op spokesperson said: ‘We have recently experienced attempts to gain unauthorised access to some of our systems.

‘As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.

‘All our stores (including quick commerce operations) and funeral homes are trading as usual. 

‘We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.

‘We are not asking our members or customers to do anything differently at this point. We will continue to provide updates as necessary.’

The BBC said a team of hackers known as DragonForce contacted journalists with with evidence of the hack.

The hackers claimed to have obtained data related to 20 million customers who signed up to Co-op’s membership scheme, a number which Co-op has neither confirmed nor disputed.

DragonForce shared a sample of data from 10,000 customers, which the BBC says it has since destroyed.

They also shared a databased with the usernames and passwords of all 70,000 of Co-op’s employees.

The gang also said they were responsible for an ongoing hack against M&S and an attempted hack of Harrods.

Co-op has apologised for the situation and said it is working with the police and the government’s cyber security agency.

Editorial Team

Thomas Brown

Head of Investigations

Cybercrime, Hackers, IT Network, Co-op Group, Cyber attack

Read more similar news:

07.01.2023, 23:27 • News
PC and Mac users warned over 10 'red flags' you're being spied on
30.01.2023, 11:25 • Finance
JD Sports warns 10million customers may have had data stolen after cyber attack
28.03.2023, 12:21 • Tech
Check your Gmail inbox now and delete dangerous emails that are stealing data
18.04.2023, 23:01 • Crime
Russian hackers 'trying to black out Britain' by targeting power stations
05.06.2023, 18:09 • News
Thousands of staff hit by major data hack at BBC, BA and Boots linked to Russia
08.08.2023, 11:49 • Politics
Millions hit in cyber attack on electoral roll that no one noticed for a year
09.08.2023, 08:39 • Politics
Russians blamed for cyber attack that put details of 40 million voters at risk
02.09.2023, 21:09 • More
Ex newsreader Angela Rippon among BBC stars targeted by Russian cyber attack
07.09.2023, 16:21 • World
Russian web gangsters named by UK and US for hacking hospitals during Covid
11.09.2023, 18:59 • News
Major casino resort firm hit by huge cyber attack as guests locked out of rooms