UK retailer Co-op targeted by cyberattack, shuts down IT systems

Britain's Co-op Group has confirmed that hackers attempted to breach its systems, marking the second high-profile cyber attack on a major UK retailer in just two weeks. This incident follows an ongoing attack on Marks & Spencer that has disrupted services for nearly a week. 

The Co-op Group operates over 2,300 food stores across the UK and various businesses including retail, funeral care, legal services, and insurance, and supplies products to over 5,100 other outlets through its wholesale business.

The company has been forced to shut down some of its back office and call center operations but did not disclose whether the intrusion attempts were successful. No details are disclosed about the nature of the attack, any impacted data or individuals.

The company stated they have "taken proactive steps to keep our systems safe" after detecting "attempts to gain unauthorized access to some of our systems". 

All stores and online operations are reported to be open as usual.

Update - As of 2nd of May 2025, the ransomware gang DragonForce Ransomware Group took responsibility for the attack. 

Co-op confirmed that hackers successfully accessed and extracted customer data from one of its systems during the attack. The company stated, "The accessed data included information relating to a significant number of our current and past members." Exposed data inlcudes:

• Customer names
• Contact details
• Member personal data

As of 4th of May 2025, DragonForce claims that they successfully exfiltrated data belonging to approximately 20 million Co-op customers. The hackers sent extortion messages directly to Co-op's head of cybersecurity, stating: "Hello, we exfiltrated the data from your company. We have customer database, and Co-op member card data." The exposed data reportedly includes:

• Customer and employee usernames
• Passwords
• Membership card numbers
• Names
• Home addresses
• Email addresses
• Phone numbers

As of 5th of May 2025, Co-op confirmed the breach, but did not disclose the number of affected individuals: "As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems."

As of 17th of July 2025, the CEO of Co-op publicly confirmed the cyber-attack compromised personal data of all 6.5 million Co-op members. The National Crime Agency arrested four suspects (aged 17-20) on charges including blackmail, money laundering, and Computer Misuse Act violations.