The cyberattack on UK retailer Co-op in April caused empty shelves, customer data theft, and a $275M revenue loss.——————————————————————————————————————In May, the cybercrime group behind the April Co-op cyberattack, who go online with the name [DragonForce](https://securityaffairs.com/tag/dragonforce), [**told the BBC**](https://securityaffairs.com/177376/cyber-crime/dragonforce-group-claims-the-theft-of-data-after-co-op-cyberattack.html) that they had stolen data from the British retail and provided proof of the data breach.Hackers shared screenshots of their first extortion message to Co-op’s cyber chief via Microsoft Teams on 25 April. They also called the head of security at the company around a week ago.Initially, the company declared that there was ‘no evidence that customer data was compromised’.However, the British consumer co-operative owned Co-op later confirmed that threat actors accessed data belonging to current and past members, [BBC reported](https://www.bbc.com/news/articles/crkx3vy54nzo).*’The cyber criminals claim to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the firm would not confirm that number.’ reads the [post](https://www.bbc.com/news/articles/crkx3vy54nzo) published by BBC.*The DragonForce group also claimed the attack on [M-&S](https://securityaffairs.com/176820/hacking/marks-spencer-ms-is-managing-a-cyber-incident.html) and told the BBC that they had attempted to hack [Harrods](https://securityaffairs.com/177330/cyber-crime/luxury-department-store-harrods-suffered-a-cyberattack.html).Now the Co-op retail chain [confirmed](https://therecord.media/retailer-the-co-op-cyberattack-lost-revenue) that the cyberattack it suffered in April caused a $275M (£206 million) revenue loss.The company said its food business [took the hardest hit](https://www.coop.co.uk/cyber-incident) from April’s cyberattack, with stock shortages lasting weeks. The company avoided ransomware lockdown by disconnecting networks, but 6.5M members still had data stolen.’The data which was extracted includes Co-op Group members’ personal data such as names, contact details (residential address, email address and phone number) and dates of birth. The following was not extracted: members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.’ [states the company in the FAQs page](https://www.coop.co.uk/cyber-incident-faqs).*’Given the limited nature of the data and the very low risk of harm, we’re not offering compensation. However, we’ve continued to give members great value, through member prices and offers like our £10 off £40 thank you.’*In July, the British National Crime Agency (NCA) [arrested](https://securityaffairs.com/179806/cyber-crime/uk-nca-arrested-four-people-over-ms-co-op-cyberattacks.html) four individuals in the country following an investigation into the recent wave of attacks targeting [Co-op](https://securityaffairs.com/177376/cyber-crime/dragonforce-group-claims-the-theft-of-data-after-co-op-cyberattack.html), [M-&S](https://securityaffairs.com/177784/data-breach/marks-and-spencer-confirms-data-breach-after-april-cyber-attack.html), and [Harrods](https://securityaffairs.com/177330/cyber-crime/luxury-department-store-harrods-suffered-a-cyberattack.html).On July 10, Law enforcement arrested 4 youths, aged 17–20, in London and West Midlands, the police also seized their devices for evidence. One suspect is Latvian.*’Four people have been arrested in the UK as part of a National Crime Agency investigation into cyber attacks targeting M-&S, Co-op and Harrods. Two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands and London this morning (10 July) on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.’ reads the [press release published by NCA. ‘All four we](https://www.nationalcrimeagency.gov.uk/news/retail-cyber-attacks-nca-arrest-four-for-attacks-on-m-s-co-op-and-harrods)re arrested at their home addresses and had their electronic devices seized for digital forensic analysis.’*The four suspects faced charges of Computer Misuse Act offenses, blackmail, money laundering, and participation in organized crime.In June, the Cyber Monitoring Centre (CMC) [labeled](https://securityaffairs.com/179225/cyber-crime/the-financial-impact-of-marks-spencer-and-co-op-cyberattacks-could-reach-440m.html) the cyberattacks on [Marks -& Spencer](https://securityaffairs.com/176820/hacking/marks-spencer-ms-is-managing-a-cyber-incident.html) and [Co-op](https://securityaffairs.com/177376/cyber-crime/dragonforce-group-claims-the-theft-of-data-after-co-op-cyberattack.html) as a Category 2 systemic event, estimating losses between £270M and £440M.Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, ransomware attack)
Related Tags:
NAICS: 44 – Retail Trade – Auto
Food
Home
NAICS: 519 – Web Search Portals
Libraries
Archives
Other Information Services
NAICS: 52 – Finance And Insurance
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 522 – Credit Intermediation And Related Activities
NAICS: 51 – Information
Blog: Security Affairs
Associated Indicators: