Co-op hackers boast of 'stealing 20 million customers' data' - as retailer admits impacts of 'significant' attack

3 May 2025, 18:25 | Updated: 3 May 2025, 19:31

General view of the logo at a Co-op supermarket in Central London as the group says that hackers have extracted data related to a large number of its customers.
General view of the logo at a Co-op supermarket in Central London as the group says that hackers have extracted data related to a large number of its customers. Picture: Alamy

By Jacob Paul

The cyber attackers allegedly behind a hack on the Co-op have bragged about vast scale of their attack, forcing the supermarket chain to row back on claims it suffered a "small impact".

Listen to this article

Loading audio...

DragonForce, the criminal group claiming responsibility, has alleged it managed to infiltrate IT networks and steal 20 million customer's data. Employee data has also reportedly been stolen.

Messages sent to the head of Co-op's head of cybersecurity on April 25, have been published by the BBC.

They read: "Hello, we exfiltrated the data from your company.

"We have customer database, and Co-op member card data."

Co-op said it was forced to shut some operations after it reported hackers attempts to gain "unauthorised access" to its network on Wednesday.

Read more: Co-op apologises after hackers access members’ personal data

Read more: M&S ‘working day and night’ to manage impact of cyber attack

London, UK. 2nd May, 2025. M & S (Marks and Spencer) food stores still have many empty shelves due to outage caused by hacking.
London, UK. 2nd May, 2025. M & S (Marks and Spencer) food stores still have many empty shelves due to outage caused by hacking. Picture: Alamy

The retailer initially claimed the hack had only a "small impact" on the company.

But the firm later raced to apologise, admitting the hackers had "accessed data relating to a significant number of our current and past members".

A spokesman said: “As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems. The accessed data included information relating to a significant number of our current and past members.

“This data includes Co-op Group members’ personal data such as names and contact details, and did not include members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.”

The National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) has been called on as Co-op continues to grapple with the impacts.

This also comes as the Metropolitan Police investigates a cyber attack on Marks & Spencer after a hack caused chaos for the retailer, leaving shop shelves bare and online sales halted.

The force confirmed on Wednesday that officers from its cyber crime unit are investigating amid reports a hacking group known as Scattered Spider may have carried out the attack.

The criminal group reportedly involves British and American teenagers. It comes after a cyber attack plunged the retailer into chaos last Monday, leaving the company battling the lasting impacts as the crisis dragged on.

The incident was thought to be driven by a ransomware attack which forced some of its internal processes offline.

Harrods was the third retailer targeted in the string of cyber attacks over the last week.

"The disruption caused by cyber attacks on these businesses have been significant - with reports of empty shelves and online orders being cancelled. So far, there's no evidence of personal data being taken - and in the case of the Co-Op shutting down some of their systems stopped the attack from spreading," writes LBC'S technology correspondent Will Guyatt.

"The words “cyber attack” still elicit a Pavlovian response - and should, but the more and more we hear of cyber attacks, the less we’re going to care.  If one happens and you’re at risk, change your password, keep an eye on your credit record and move on - it’s an annoying part of our increasingly digital world," he advises.