DragonForce Claims Responsibility for Series of Attacks on UK Retailers

Cybercriminal group DragonForce claims their hack on Co-Op is far more severe than the company initially disclosed. Speaking with the BBC they revealed they had accessed Co-Op’s internal IT systems and stole vast amounts of data, including personal information from up to 20 million members.

Initially the Co-Op said the impact was minimal and denied any evidence of compromised data. However, after proof was presented from the hackers, including stolen data and screenshots of internal communications, Co-Op admitted the breach affected a significant number of current and former members. The data includes names, contact details, and membership card numbers, but not passwords or financial information.

The hackers shared screenshots of their extortion messages, claiming access to internal Teams chats and targeting executives. Staff have since been instructed to keep cameras on during meetings and verify attendees.

DragonForce, also linked to cyberattacks on Marks and Spencer and Harrods, are believed to be part of a younger, loosely organized group known as Scattered Spider or Octo Tempest.

The Co-Op have confirmed they are now working with the National Cyber Security Centre and have informed both staff and regulators about the full scope of the breach. The company apologized and said it is taking the incident seriously.