A growing cyberattack campaign against UK retailers has exposed sensitive data at major British retailers, including the Co-op Group, which confirmed that hackers accessed personal data of both current and former members. The breach is part of a broader ransomware operation claimed by the cybercrime gang “DragonForce,” which has also targeted Marks & Spencer and Harrods in recent weeks.
In a statement issued on Friday, Co-op said the attackers extracted names and contact details but assured members that no passwords, payment data, or transaction records were compromised. The company added that the attack had a limited impact on some back-office and call centre functions and that investigations were ongoing in cooperation with UK authorities.
DragonForce Behind Coordinated Ransomware Attacks
The hacking collective DragonForce took credit for the attacks in an interview with Bloomberg, saying its primary aim was financial extortion. The group claimed responsibility for breaching all three UK retailers and said it had stolen vast amounts of customer data, which it threatens to release publicly unless ransom demands, reportedly in the seven-figure range, are met.
Marks & Spencer was the first to report a “cyber incident” on 22 April, resulting in disabled contactless payments, suspended online orders, and stock shortages. On Friday, CEO Stuart Machin apologised for the disruption, assuring customers that efforts to restore services are underway “day and night.”
Harrods and Co-op Also Targeted
Harrods disclosed on 1 May that it had experienced attempted system breaches and responded by limiting internet access at its facilities. Co-op first detected suspicious activity on 30 April and has since been under sustained attack, describing the ongoing situation as “highly complex.”
The three retailers have not commented publicly on the claims made by DragonForce, which operates as a criminal cartel by leasing ransomware tools to other hackers in exchange for a share of extortion profits.
DragonForce’s Global Reach and Future Threats
DragonForce is believed to be responsible for over 90 cyberattacks in 2023, targeting sectors such as healthcare, telecoms, and manufacturing across more than a dozen countries. According to cyber experts at Symantec, the group is one of the most active threat actors currently operating globally.
There is speculation that DragonForce may be collaborating with the notorious hacking outfit Scattered Spider, known for breaching major firms like MGM Resorts and Caesars Entertainment. Analysts from Google’s Threat Intelligence Group warn that more UK companies could be next, given the group’s pattern of targeting entire sectors in waves.
A DragonForce spokesperson refused to confirm links to Scattered Spider but hinted at ongoing efforts to extract additional data and carry out more attacks on British retail businesses, stating ominously that “this is just the start.”
Retail Sector Urged to Strengthen Cyber Defences
Cybersecurity analysts are now urging UK retailers to boost digital defences, as attackers continue to exploit weak points across critical retail systems. With DragonForce threatening to leak terabytes of stolen information, the risk to consumer data and brand reputation remains significant.
