Hackers claim to have stolen data of 20m British Co-op customers
Cyber criminals contacted BBC News and provided evidence that they had broken into Co-op‘s IT systems and stolen extensive customer and employee data. This revelation contradicted the company’s earlier statement that the hack had minimal impact on operations and assured the public that no customer data had been compromised.
The hackers, who call themselves DragonForce, claim to have private data on 20 million people who signed up for Co-op’s membership programme. They also boasted that they were responsible for ongoing attacks on Marks & Spenser and an attempted break-in at Harrods.
These incidents prompted Minister for Intergovernmental Relations Pat McFadden to urge companies to make cyber security a priority.
DragonForce demonstrated their access by sharing screenshots of extortion messages sent via internal Microsoft Teams chat to Co-op’s head of cyber security on 25 April. They also revealed screenshots of a conversation with the head of security highlighting their attempts to blackmail the company. After the BBC was contacted regarding the evidence from the hackers, Co-op disclosed the full extent of the breach to its staff and the stock exchange. The compromised data included personal information such as names and contact information, but not passwords, bank details, transaction history or product/service information.
DragonForce is seeking publicity for the hack, possibly aimed at extortion. They refused to elaborate on their plans if ransom demands are not met and remained silent when questioned about the impact on businesses and customers. DragonForce, which is known for scrambling data and demanding ransoms for decryption keys, also has an affiliated cybercrime service that can be accessed by anyone seeking to carry out attacks. The tactics used bear similarities to a loosely coordinated hacker group known as Scattered Spider or Octo Tempest. This English-speaking, youth-dominated group communicates through Telegram and Discord channels.
The hackers, who identified themselves as ‘Raymond Reddington’ and ‘Dembe Zuma’ after characters from the TV series Blacklist, stated that their goal was to metaphorically blacklist British retailers.
Co-op confirmed its cooperation with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
Minister McFadden will highlight what he will call a “wake-up call” regarding cyber security at this week’s CyberUK event.
“In a world where the cybercriminals targeting us are relentless in their pursuit of profit – with attempts being made every hour of every day – companies must treat cyber security as an absolute priority,” he will say in a keynote speech, according to a post on a government website.
“We’ve watched in real-time the disruption these attacks have caused – including to working families going about their everyday lives. It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work. We have to treat our digital shop fronts the same way.”
Business AM
Subscribers 0
Fans 0
Followers 0
Followers