(Bloomberg) — The UK supermarket chain Co-op said hackers were able to access and extract customer data from one of its systems during a recent cyberattack.
“The accessed data included information relating to a significant number of our current and past members,” the company said in a statement Friday. “This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.”
The statement came as a cybercrime gang took credit for a disruptive campaign of attacks targeting Co-op and at least two other British retailers over the last two weeks.
A spokesperson for the gang, known as “DragonForce,” said in an interview with Bloomberg News that it and its partners were behind incidents targeting Marks & Spencer, Co-op and Harrods.
The group’s motivation was to extort money from their victims, the spokesperson said. They also claimed to have stolen customer data. The admission is the first confirmation the attacks were linked and carried out by the same group.
Marks & Spencer first announced it had been targeted in a “cyber incident” on April 22. Some of the company’s systems were infected with DragonForce’s ransomware, which encrypts files stored on computers so they cannot be used, Bloomberg News previously reported.
In the aftermath of the attack, M&S stopped accepting contactless payments and shut down online orders. Transactions have yet to resume. There have also been reports of gaps on shelves as the company struggles with availability for some items.
In a post on X Friday, M&S Chief Executive Officer Stuart Machin apologized for the disruption, saying the company is working “day and night” to resolve the issue.
On April 30, British supermarket chain Co-op said it had detected attempts to gain unauthorized access to some of its systems, which it said had a “small impact” on some back office and call center services. On Friday, the retailer said it was investigating along with UK authorities. “We are continuing to experience sustained malicious attempts by hackers to access our systems,” Co-op said in a statement. “This is a highly complex situation.”
That was followed on May 1 by a statement from London’s luxury department store Harrods Ltd. disclosing that it had suffered attempts to compromise its systems. The company said it had restricted internet access at its sites in response.
Neither Marks & Spencer, Harrods nor Co-op immediately responded to requests for comment on the DragonForce claims.
The creators of DragonForce, whose identities aren’t known, operate like a criminal cartel, leasing out their malicious software and infrastructure to other hackers while taking a cut of any proceeds earned through extortion, experts say.
Hackers working with DragonForce claimed more than 90 victims last year and targeted companies across various industries, including health care, manufacturing and telecommunications, according to Broadcom’s cybersecurity unit Symantec. The attacks spanned more than a dozen countries across North America, Europe, the Middle East and Asia, according to cyber experts.
The DragonForce spokesperson declined to comment on whether they were negotiating with the British retailers. They said that they typically expect their victims to pay ransom payments that have seven zeros, possibly six. “Our job is not to destroy, we just take some money and walk away,” they said.
The gang claimed it was in the process of harvesting a large trove of data, amounting to terabytes, that it had stolen from the British companies, and suggested that it would release it online if its demands for payment are not met.
The group added that it planned more attacks on the UK’s retail sector, saying the recent breaches were “just a start.”
(Updates with new details from Co-op throughout)