A cyber criminal group known as DragonForce claims to have stolen a “significant” amount of data from UK retail giant Co-op, contradicting the company’s earlier statements that downplayed the severity of the breach.
While Co-op initially said there was “no evidence” customer data had been compromised, the hackers told the BBC they had accessed sensitive information linked to millions of members, including names, addresses, phone numbers, emails, and Co-op membership card details. The group even shared sample data and screenshots of internal messages to prove their claims.
Since the BBC approached Co-op with the evidence, the company has formally disclosed the breach to employees and the stock market, confirming that customer data was compromised – though it insists no passwords, bank details, or transaction histories were affected.
Co-op has apologised to customers and confirmed it’s working with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to investigate the breach.
The criminals also claim to be responsible for the ongoing attack on M&S and the attempted hack of Harrods.
What you should do now
If you’re a Co-op member, it’s wise to:
- Monitor your emails and bank accounts for suspicious activity
- Change your password if you reused your Co-op login elsewhere
- Watch out for updates. If a data breach is confirmed, we’ll let you know and guide you through your rights.
Lawyers are now considering legal action on behalf of those affected by the Co-op data breach. If you’ve been notified that your data was compromised, you may be entitled to join the Co-op data breach claim for compensation.
Think you might be eligible? Our simple checker provides instant clarity. Answer a few straightforward questions, and you’ll know if you could qualify to join a future data breach group action.
