UK retailer Co-op experienced a significant cyberattack in April that resulted in the theft of personal data belonging to 6.5 million members and caused food shortages in its grocery stores. The attackers accessed and copied the contact information of all members, although no financial or transaction information was exposed. The breach was particularly harmful to the Co-op's members and employees. The CEO, Shirine Khoury-Haq, confirmed the attack and expressed her regret, emphasizing the personal impact on the affected individuals. The attack involved the DragonForce ransomware, and initial access came through a social engineering attack that allowed the threat actors to reset an employee's password and then spread to other devices.
TPRM report: https://scoringcyber.rankiteo.com/company/the-co-op-group
"id": "the411071725",
"linkid": "the-co-op-group",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '6.5 million',
'industry': 'Retail',
'location': 'United Kingdom',
'name': 'Co-op',
'size': 'Large',
'type': 'Retailer'}],
'attack_vector': ['Social Engineering', 'Password Reset'],
'data_breach': {'data_exfiltration': 'Yes',
'file_types_exposed': ['Windows NTDS.dit file'],
'number_of_records_exposed': '6.5 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Contact information']},
'date_detected': '2023-04-22',
'description': 'UK retailer Co-op has confirmed that personal data of 6.5 '
'million members was stolen in the massive cyberattack in '
'April that shut down systems and caused food shortages in its '
'grocery stores.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': ['Contact information of 6.5 million members'],
'downtime': 'Food shortages in grocery stores',
'identity_theft_risk': 'High',
'operational_impact': 'System shutdowns',
'payment_information_risk': 'None',
'systems_affected': ['IT systems', 'Windows domain']},
'initial_access_broker': {'entry_point': 'Social engineering and password '
'reset',
'high_value_targets': ['Windows NTDS.dit file']},
'investigation_status': 'Ongoing',
'motivation': 'Financial, Data Theft',
'post_incident_analysis': {'root_causes': ['Weak password policies',
'Social engineering '
'vulnerabilities']},
'ransomware': {'data_encryption': 'Unknown',
'data_exfiltration': 'Yes',
'ransomware_strain': 'DragonForce'},
'references': [{'source': 'BBC Breakfast show'},
{'source': 'BleepingComputer'}],
'response': {'communication_strategy': ['Public apology by CEO'],
'containment_measures': 'Shut down several IT systems',
'law_enforcement_notified': 'Yes'},
'threat_actor': 'Scattered Spider',
'title': 'Co-op Cyberattack',
'type': 'Data Breach, Ransomware',
'vulnerability_exploited': 'Weak password policies'}