Retailer working with UK cyber authorities after hacker group DragonForce claims theft of data from millions of Co-op members

The Co-op has dramatically revised its account of a recent cyber attack, conceding that the breach compromised data from a “significant” number of its members—far more than previously acknowledged.

Initially described by the retailer as having only a “small impact” on back-office and call centre operations, the attack has now been linked to the theft of private data belonging to millions of people. The criminal hacking group DragonForce has claimed responsibility, also taking credit for similar breaches at Marks & Spencer and Harrods.

Speaking to the BBC, DragonForce alleged it had stolen data on 20 million individuals enrolled in the Co-op’s membership scheme. This prompted the retailer to acknowledge the incident’s severity, though it declined to confirm the exact number affected when pressed by The Telegraph.

The hackers reportedly provided the BBC with screenshots of emails sent to the Co-op’s cyber security director on April 25, suggesting an extended infiltration.

In a statement on Friday, a Co-op spokesperson confirmed that the organisation continues to experience “sustained malicious attempts” to penetrate its systems. The retailer is now working alongside the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to assess and contain the damage.

“Forensic investigations have revealed that hackers accessed and extracted data from one of our systems,” the spokesperson said. “This data includes personal information—such as names and contact details—of a significant number of our current and former members. It does not include passwords, financial information, or transaction details.”

DragonForce, which described its actions as part of an extortion attempt, told Bloomberg that its campaign against major UK retailers was financially motivated.

Marks & Spencer has reportedly been among the hardest hit, suffering widespread system disruptions that led to halted online orders, disabled contactless payments, and stock shortages in stores. The attack is believed to have involved ransomware, which encrypts files and renders them inaccessible.

The Co-op says it has implemented new security measures to prevent further unauthorised access, while aiming to minimise service disruption. “We understand our members trust us with their personal information, and we deeply regret this breach,” the spokesperson added.

The attack on Harrods, which followed on Thursday, has raised concerns about an escalating campaign targeting high-profile British retailers.

Would you like a visual timeline of the cyber attack events across these retailers?