Image by The Co-op Group, from Wikimedia Commons
Co-op its Major Data Breach After Hacker Group s BBC
Reading time: 2 min
Last Updated: May 5, 2025
-
![Kiara Fabbri]()
-
![Sarah Frazier]()
Fact-Checked by Sarah Frazier Content Manager
Hackers claim they stole private data from 20 million Co-op , pushing the firm to it a far larger breach than reported.
In a rush? Here are the quick facts:
- DragonForce shared stolen staff and customer data with BBC.
- Co-op initially denied any customer data had been compromised.
- UK minister urges businesses to prioritize cybersecurity urgently.
Co-op has confirmed that hackers have accessed personal data belonging to a “significant number” of its and employees, after cybercriminals ed the BBC with evidence of the breach.
The BBC reports that the hacking group, known as DragonForce, claims to have stolen private data from 20 million Co-op , including names, addresses, emails, phone numbers, and hip card details.
The hackers presented BBC with Microsoft Teams chat screenshots that included an extortion note, which they sent to the company’s cybersecurity head on April 25. The hackers addressed the company in their message by stating, “Hello, we exfiltrated the data from your company […] We have customer database, and Co-op member card data.”
Co-op first stated the attack caused minimal damage while asserting there was no indication that customer data had been compromised. The company revealed the actual extent of the breach to staff and the stock market after hackers provided the BBC with employee credentials and 10,000 customer records from their databases.
A spokesperson clarified: “This data includes Co-op Group ’ personal data such as names and details, and did not include ’ s, bank or credit card details, transactions or information relating to any ’ or customers’ products or services with the Co-op Group,” as reported by the BBC.
The BBC has destroyed the files and is not publishing or sharing them. The ransomware gang DragonForce demands payment from the victim, but they have not disclosed their intentions regarding the stolen data in case of non-payment.
Minister Pat McFadden declared that cybersecurity should be treated as an absolute priority by all UK companies. Security analysts believe DragonForce operates an attack service that probably stems from the young English-speaking hacker group Scattered Spider.
The Co-op continues to work with UK cyber agencies to handle the incident as the company maintains 70,000 employees across its 2,500 stores.
Previous Story
Latest articles
Leave a Comment
Cancel