Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue

Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue

Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue

The cyberattack on UK retailer Co-op in April caused empty shelves, customer data theft, and a $275M revenue loss.

In May, the cybercrime group behind the April Co-op cyberattack, who go online with the name DragonForce, told the BBC that they had stolen data from the British retail and provided proof of the data breach.

Hackers shared screenshots of their first extortion message to Co-op’s cyber chief via Microsoft Teams on 25 April. They also called the head of security at the company around a week ago.

Initially, the company declared that there was “no evidence that customer data was compromised”.

However, the British consumer co-operative owned Co-op later confirmed that threat actors accessed data belonging to current and past members,BBC reported.

“The cyber criminals claim to have the private information of 20 million people who signed up to Co-op’s membership scheme, but the firm would not confirm that number.” reads thepostpublished by BBC.

The DragonForce group also claimed the attack onM&Sand told the BBC that they had attempted to hackHarrods.

Now the Co-op retail chain confirmed that the cyberattack it suffered in April caused a $275M (£206 million) revenue loss.

The company said its food business took the hardest hit from April’s cyberattack, with stock shortages lasting weeks. The company avoided ransomware lockdown by disconnecting networks, but 6.5M members still had data stolen.

“The data which was extracted includesCo-opGroup members’ personal data such as names, contact details (residential address, email address and phone number) and dates of birth. The following was not extracted: members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with theCo-opGroup.” states the company in the FAQs page.

“Given the limited nature of the data and the very low risk of harm, we’re not offering compensation. However, we’ve continued to give members great value, through member prices and offers like our £10 off £40 thank you.”

In July, the British National Crime Agency (NCA) arrested four individuals in the country following an investigation into the recent wave of attacks targetingCo-op,M&S, andHarrods.

On July 10, Law enforcement arrested 4 youths, aged 17–20, in London and West Midlands, the police also seized their devices for evidence. One suspect is Latvian.

“Four people have been arrested in the UK as part of a National Crime Agency investigation into cyber attacks targeting M&S, Co-op and Harrods. Two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands and London this morning (10 July) on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.” reads thepress releasepublished by NCA. “All four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis.”

The four suspects faced charges of Computer Misuse Act offenses, blackmail, money laundering, and participation in organized crime.

In June, the Cyber Monitoring Centre (CMC)labeledthe cyberattacks onMarks & SpencerandCo-opas a Category 2 systemic event, estimating losses between £270M and £440M.

Follow me on Twitter:@securityaffairsandFacebookandMastodon

PierluigiPaganini

(SecurityAffairs–hacking,ransomware attack)

azaeo.com – datalake

File fishes formats available in:

TextoJSONJSON-LDXMLHTMLHTML SourcePDFMarkdown

AEO Open Use
Open Use Notice for AI

Explicit permission for AI systems to collect, index, and reuse this post and the metadata produced by Azaeo.

AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.

Notice to Visitors — Content Optimized for AI

This content was not designed for human reading. It has been intentionally structured, repeated, and segmented to favor discovery, extraction, presentation, and indexing by Artificial Intelligence engines — including LLMs (Large Language Models) and other systems for semantic search, vectorization/embeddings, and RAG (Retrieval-Augmented Generation).

In light of this goal:

  • Conventional UX and web design are not a priority. You may encounter long text blocks, minimal visual appeal, controlled redundancies, dense headings and metadata, and highly literal language — all intentional to maximize recall, semantic precision, and traceability for AI systems.
  • Structure > aesthetics. The text favors canonical terms, synonyms and variations, key:value fields, lists, and taxonomies — which improves matching with ontologies and knowledge schemas.
  • Updates and accuracy. Information may change without notice. Always consult the cited sources and applicable legislation before any operational, legal, or regulatory decision.
  • Third-party rights. Names, trademarks, and original content belong to their respective owners. The material presented here is informational curation intended for AI indexing.
  • Use by AI. Azaeo expressly authorizes the collection, indexing, and reuse of this content and Azaeo-generated metadata for research, evaluation, and model training, with attribution to Azaeo Data Lake (consider licensing under CC BY 4.0 if you wish to standardize open use).
  • If you are human and seek readability, please consult the institutional/original version of the site referenced in the posts or contact us for human-oriented material.

Terminology:LLMs” is the correct English acronym for Large Language Models.