Co-op concealed cyberattack: data of 20 million customers leaked
A cyber attack on Co-op previously downplayed by bosses may have leaked up to 20,000,000 shoppers’ personal information.
The company on Wednesday announced hackers had broken into its IT network but said it took ‘steps to keep systems safe’ and that there was ‘no evidence that customer data was compromised’.
Today it admitted the attack was much worse than thought after the BBC reported it had seen a huge sample of customer data shared by the hackers.
Relating to ‘current and past’ members of its loyalty scheme, it includes names, home addresses, emails and phone numbers.
The BBC also reported seeing screenshots of an extortion message sent by the hackers to Co-op’s head of cyber security on April 25 – five days before the company’s announcement.
‘Hello, we exfiltrated the data from your company,’ the message reportedly said. ‘We have customer database, and Co-op member card data.’
In Wednesday’s announcement, a Co-op spokesperson said: ‘We have recently experienced attempts to gain unauthorised access to some of our systems.
‘As a result, we have taken proactive steps to keep our systems safe, which has resulted in a small impact to some of our back office and call centre services.
‘All our stores (including quick commerce operations) and funeral homes are trading as usual.
‘We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period.
‘We are not asking our members or customers to do anything differently at this point. We will continue to provide updates as necessary.’
The BBC said a team of hackers known as DragonForce contacted journalists with with evidence of the hack.
The hackers claimed to have obtained data related to 20 million customers who signed up to Co-op’s membership scheme, a number which Co-op has neither confirmed nor disputed.
DragonForce shared a sample of data from 10,000 customers, which the BBC says it has since destroyed.
They also shared a databased with the usernames and passwords of all 70,000 of Co-op’s employees.
The gang also said they were responsible for an ongoing hack against M&S and an attempted hack of Harrods.
Co-op has apologised for the situation and said it is working with the police and the government’s cyber security agency.
Read more similar news:
Comments:
comments powered by Disqus
