Cyber experts from the National Crime Agency – Britain’s equivalent to the FBI – are hunting computer hackers who claim to have stolen the private information of 20 million Co-op customers.
The criminal group, calling itself DragonForce, said it had infiltrated the retailer’s IT network and stolen both customer and employee data in its cyber attack on Wednesday.
Co-op conceded that ‘personal data such as names and contact details’ had been taken from its membership scheme after the devastating scale of the attack was revealed by the hackers.
The retail giant, with more than 2,500 supermarkets, 800 funeral homes and an insurance business, initially downplayed the attack by saying it had ‘pre-emptively’ shut down parts of its IT network after detecting an attempted breach.
But the anonymous hackers behind DragonForce contacted the BBC with evidence of databases they had accessed, containing the user names and passwords of all employees, as well as customer membership card numbers, their names, home and email addresses and phone numbers.
The ransomware group are seeking to extort money from the company, but have not said what they would do with the data if they do not get paid.
DragonForce has also claimed responsibility for the ongoing attack on M&S and an attempted hack of Harrods, the BBC said.
The Co-op has now admitted that National Crime Agency investigators have been called in, as well as the Government’s National Cyber Security Centre.
Co-op conceded that ‘personal data such as names and contact details’ had been taken from its membership scheme
An alleged cyber attack which has crippled Co-op has been linked to notorious teenage hacking gang, Scattered Spider (file image)
A Co-op spokesman said yesterday: ‘As a result of ongoing forensic investigations, we now know the hackers were able to access and extract data from one of our systems. We have implemented measures to ensure that we prevent unauthorised access to our systems while minimising disruption for our members, customers, colleagues and partners.’
DragonForce’s ransomware operation uses malicious software, which when triggered can prevent the target from accessing their own devices and data. Criminals then use stolen data as leverage to extort huge sums of money.
The BBC said hackers sent the first extortion message to Co-op’s head of cyber security in an internal Microsoft Teams chat on April 25. The message read: ‘Hello, we exfiltrated the data from your company. We have customer database, and Co-op member card data.’
The hackers say they also messaged other members of the executive committee as part of their scheme to blackmail the firm.
The tactics used were similar to those of Scattered Spider, a notorious network of largely British and American young adults and teenagers skilled at evading detection.
An expert said the hackers were likely able to bluff their way past staff because their command of the English language gave them ‘authenticity’ – a crucial asset in convincing targets to unwittingly compromise their own security.
Nathaniel Jones, vice president of security and AI strategy at cyber security firm Darktrace, told The Mail on Sunday this made the scam ‘unique’.
‘Most of those sort of cyber crime gangs are sitting in Russia or Belarus,’ he said. ‘So the fact that they’re English native speakers, a number of them, that’s quite unique. I don’t know another group out there like that.’
Marks and Spencer is also battling to restore its services following the Easter cyber hack
An alleged cyber attack which has crippled Marks & Spencer has been linked to notorious teenage hacking gang, Scattered Spider. Scotland Yard is now investigating
Mr Jones said hackers’ ‘native language authenticity’ would likely give employees no cause for alarm, when typical scammers asking for log-in details are often distinctively garbled. He added: ‘If [a member of staff] picks up the phone and you’re talking to a British guy who says it’s his IT team, that does sort of give you that false sense of security that I think has been taken advantage of.’
M&S chief executive Stuart Machin said on Friday that the firm was ‘working day and night’ to resolve its IT issued, but did not put a time frame on when operations would be back to normal – leaving customers frustrated by disruption to online shopping and click-and-collect services.
Labour MP Matt Western, chairman of the joint committee on the National Security Strategy, said: ‘These attacks are a startling reminder that whole chunks of our economy, including some of our most valued brands, are vulnerable to cyber attacks.
‘This is not an issue that should only concern those working in sensitive areas. And it isn’t just the business that is affected, it’s the wider supply chains.
‘We need to encourage the whole of society to take part in building resilience against these serious threats.’
