Coop DragonForce cyber attack includes customer data firm admits

pCyber criminals have told BBC News their hack against Coop is far more serious than the company previously admittedppHackers contacted the BBC with proof they had infiltrated IT networks and stolen huge amounts of customer and employee datappAfter being approached on Friday a Coop spokesperson said the hackers accessed data relating to a significant number of our current and past membersppCoop had previously said that it had taken proactive measures to fend off hackers and that it was only having a small impact on its operationsppIt also assured the public that there was no evidence that customer data was compromisedppThe cyber criminals claim to have the private information of 20 million people who signed up to Coops membership scheme but the firm would not confirm that numberppThe criminals who are using the name DragonForce say they are also responsible for the ongoing attack on MS and an attempted hack of HarrodsppThe attacks have led government minister Pat McFadden to warn companies to treat cyber security as an absolute priorityppThe anonymous hackers showed the BBC screenshots of the first extortion message they sent to Coops head of cyber security in an internal Microsoft Teams chat on 25 AprilppHello we exfiltrated the data from your company the chat says ppWe have customer database and Coop member card datappThey also showed screenshots of a call with the head of security which took place around a week agoppThe hackers say they messaged other members of the executive committee too as part of their scheme to blackmail the firmppCoop has more than 2500 supermarkets as well as 800 funeral homes and an insurance businessppIt employs around 70000 staff nationwideppThe cyber attack was announced by the company on WednesdayppOn Thursday it was revealed Coop staff were being urged to keep their cameras on during Teams meetings ordered not to record or transcribe calls and to verify that all participants were genuine Coop staffppThe security measure now appears to be a direct result of the hackers having access to internal Teams chats and callsppDragonForce shared databases with the BBC that includes usernames and passwords of all employeesppThey also sent a sample of 10000 customers data including Coop membership card numbers names home addresses emails and phone numbers ppThe BBC has destroyed the data it received and is not publishing or sharing these documentsppThe Coop membership database is thought to be highly valuable to the companyppSince the BBC contacted Coop about the hackers evidence the firm has disclosed the full extent of the breach to its staff and the stock marketppThis data includes Coop Group members personal data such as names and contact details and did not include members passwords bank or credit card details transactions or information relating to any members or customers products or services with the Coop Group a spokesperson saidppDragonForce want the BBC to report the hack they are apparently trying to extort the company for money ppBut the criminals wouldnt say what they plan to do with the data if they dont get paidppThey refused to talk about MS or Harrods and when asked about how they feel about causing so much distress and damage to business and customers they refused to answerppDragonForce is a ransomware group known for scrambling victims data and demanding a ransom is paid to get the key to unscramble it They are also known to have stolen data as part of their extortion tacticsppDragonForce operates an affiliate cyber crime service so anyone can use their malicious software and website to carry out attacks and extortionsppIts not known who is ultimately using the DragonForce service to attack the retailers but some security experts say the tactics seen are similar to that of a loosely coordinated group of hackers who have been called Scattered Spider or Octo TempestppThe gang operates on Telegram and Discord channels and is Englishspeaking and young in some cases only teenagersppConversations with the Coop hackers were carried out in text form but it is clear the hacker who called himself a spokesperson was a fluent English speakerppThey say two of the hackers want to be known as Raymond Reddington and Dembe Zuma after characters from US crime thriller Blacklist which involves a wanted criminal helping police take down other criminals on a blacklist ppThe hackers say were putting UK retailers on the BlacklistppCoop says it is working with the NCSC and the NCA and said in a statement it is very sorry this situation has arisenppUK government officials have met over the cyber attacks with national security staff and the chief executive of the National Cyber Security Centre discussing support for retailersppIn a keynote speech next week setting out government action minister Pat McFadden who has responsibility for cyber security will say the attacks need to be a wakeup call for every UK businessppIn a world where the cybercriminals targeting us are relentless in their pursuit of profit with attempts being made every hour of every day companies must treat cyber security as an absolute priorityppWeve watched in realtime the disruption these attacks have caused including to working families going about their everyday lives ppIt serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work We have to treat our digital shop fronts the same wayppSign up for our Tech Decoded newsletter to follow the worlds top tech stories and trends Outside the UK Sign up hereppThe retail giant is still not taking online orders following a cyber attack three weeks agoppOnline orders paused some customer data stolen heres what we know about the chaos at MSppThe new centre is aimed at addressing growing regional and national needs for expertiseppA St Andrews University team says Torridons ancient geology is similar to that on the red planetppThe picturesque island of Islay in the Western Isles is dealing with the real world impacts of the major supermarket hackppCopyright 2025 BBC All rights reserved  The BBC is not responsible for the content of external sites Read about our approach to external linkingpp p