Cyber criminals have told BBC News their hack against Co-op is far more serious than the company has previously told the public. Hackers contacted the BBC with proof they had infiltrated IT networks and stolen huge amounts of customer and employee data. After being contacted on Friday, a Co-op spokesperson said the hackers "accessed data relating to a significant number of our current and past members". Co-op had previously said that it had taken "proactive measures" to fend off hackers and that it was only having a "small impact" on its operations. It also assured the public that there was "no evidence that customer data was compromised". The cyber criminals claim to have the private information of 20 million people who signed up to Co-op's membership scheme, but the firm would not confirm that number. The criminals, who are using the name DragonForce, say they are also responsible for the ongoing attack on M&S and an attempted hack of Harrods. The anonymous hackers shared with the BBC screenshots of the first extortion message they sent to Co-op's head of cyber security in an internal Microsoft Teams chat on 25th April. "Hello, we exfiltrated the data from your company," the chat says. "We have customer database, and Co-op member card data." They also showed screenshots of a call with the head of security which took place around a week ago. The hackers say they messaged other members of the executive committee too as part of their scheme to blackmail the firm. Co-op has more than 2,500 supermarkets as well as 800 funeral homes and an insurance business. It employs around 70,000 staff nationwide. The cyber attack was announced by the company on Wednesday. On Thursday, it was revealed Co-op staff were being urged to keep their cameras on during Teams meetings, ordered not to record or transcribe calls, and to verify that all participants were genuine Co-op staff. The security measure now appears to be a direct result of the hackers having access to internal Teams chats and calls. DragonForce shared databases with the BBC that includes usernames and passwords of all employees. They also sent a sample of 10,000 customers data including Co-op membership card numbers, names, home addresses, emails and phone numbers. The BBC has destroyed the data it received, and is not publishing or sharing these documents. The Co-op membership database is thought to be highly valuable to the company. Since the BBC contacted Co-op about the hackers' evidence, the firm has disclosed the full extent of the breach to its staff and the stock market. "This data includes Co-op Group members' personal data such as names and contact details, and did not include members' passwords, bank or credit card details, transactions or information relating to any members' or customers' products or services with the Co-op Group," a spokesperson said. DragonForce want the BBC to report the hack - they are apparently trying to extort the company for money. But the criminals wouldn't say what they plan to do with the data if they don't get paid. They refused to talk about M&S or Harrods and when asked about how they feel about causing so much distress and damage to business and customers, they refused to answer. DragonForce is a ransomware group known for scrambling victims' data and demanding a ransom is paid to get the key to unscramble it. They are also known to have stolen data as part of their extortion tactics. DragonForce operates an affiliate cyber crime service so anyone can use their malicious software and website to carry out attacks and extortions. It's not known who is ultimately using the DragonForce service to attack the retailers, but some security experts say the tactics seen are similar to that of a loosely coordinated group of hackers who have been called Scattered Spider or Octo Tempest. The gang operates on Telegram and Discord channels and is English-speaking and young – in some cases only teenagers. Conversations with the Co-op hackers were carried out in text form - but it is clear the hacker, who called himself a spokesperson, was a fluent English speaker. Co-op says it is working with the NCSC and the NCA and said in a statement it is very sorry this situation has arisen. Sign up for our Tech Decoded newsletterto follow the world's top tech stories and trends.Outside the UK? Sign up here.
Co-op hackers stole 'significant' amount of customer data
TruthLens AI Suggested Headline:
"Co-op Confirms Significant Data Breach Amid Hacker Claims"
Bbc News
7.0
TruthLens AI Summary
Cyber criminals have claimed responsibility for a significant hack against Co-op, asserting that the breach is far more severe than the company has reported. The hackers, identifying themselves as DragonForce, contacted BBC News with evidence of their infiltration into Co-op's IT systems, claiming to have accessed sensitive data belonging to both customers and employees. While Co-op initially assured the public that it had taken proactive measures to mitigate the impact of the breach and denied any compromise of customer data, the hackers allege that they possess the personal information of approximately 20 million individuals enrolled in Co-op's membership program. The criminals provided the BBC with screenshots of their communications with Co-op's head of cybersecurity, detailing their extortion attempts, which included demands for payment in exchange for not releasing the stolen data. Co-op has since acknowledged that a significant number of its current and former members' data has been accessed, although they did not confirm the hackers' claims regarding the total number of individuals affected.
In response to the breach, Co-op has implemented heightened security measures, instructing employees to keep cameras on during Microsoft Teams meetings and to verify the identity of all participants, reflecting concerns that the hackers have accessed internal communications. The hackers have shared a portion of the stolen data with the BBC, including usernames, passwords, and detailed personal information of 10,000 customers, such as names, addresses, and contact information. Co-op clarified that the compromised data does not include sensitive financial information like passwords or credit card details. The company is working with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) to address the situation and has expressed regret over the incident. DragonForce is known for its ransomware activities and operates an affiliate service that enables other criminals to utilize their tools for cyberattacks, raising concerns about the broader implications of such organized cybercrime operations.
TruthLens AI Analysis
The article highlights a serious cyber attack on Co-op, revealing that the scale of the data breach is significantly larger than the company initially reported. The hackers, identifying themselves as DragonForce, claim to have stolen sensitive information of millions of customers and employees, raising questions about the company's cybersecurity measures and public messaging.
Motivation Behind the Report
The piece aims to inform the public about the gravity of the cyber attack, suggesting that the Co-op's prior statements downplayed the breach's seriousness. By providing evidence from the hackers themselves, the report seeks to enhance credibility and urgency regarding cybersecurity threats.
Public Perception and Trust
This news item could potentially create distrust towards Co-op among its customers. The conflicting statements from the company about the extent of the data breach might lead to concerns about transparency and the effectiveness of their cybersecurity protocols. The report aims to foster a perception that companies need to take cybersecurity more seriously.
Information Concealment
There may be underlying issues regarding the company's previous handling of the situation. Co-op's initial reassurances about data safety appear to be contradicted by the hackers' claims, which could indicate that they were trying to mitigate reputational damage or avoid panic among customers.
Manipulative Elements
The article's manipulative rate could be considered moderate, primarily due to its reliance on the hackers' claims and evidence. The hackers' assertions, while alarming, may not be fully substantiated, leading to questions about the reliability of their information. The language used in the report could amplify fears and concerns about cybersecurity.
Veracity of Information
The reliability of the news is contingent on the authenticity of the hackers' claims and the company's acknowledgment of the breach. Given the evidence presented, it suggests that the hackers did infiltrate Co-op's systems, but the extent of the data stolen remains uncertain.
Community Impact
The report may resonate more with technology-conscious communities and those concerned about data privacy. It could serve as a rallying point for advocacy around stronger cybersecurity measures and more robust data protection laws.
Economic and Market Effects
For investors and stakeholders in the retail and cybersecurity sectors, this news could influence stock prices, particularly for Co-op and other retailers with similar vulnerabilities. The incident may prompt a reevaluation of investment in cybersecurity and data protection strategies across the industry.
Global Power Dynamics
While this incident may not have direct implications for global power dynamics, it underscores the increasing threat of cybercrime, which is a global issue that affects businesses and governments alike. The heightened focus on cybersecurity in today's digital landscape reflects broader geopolitical concerns about data security and protection.
Use of AI in Reporting
It is possible that AI was used in crafting the article, particularly in structuring the narrative or analyzing data regarding the cyber attack. Advanced AI models could have helped in identifying patterns or summarizing the implications of the breach, influencing how the story is presented.
In conclusion, the overall reliability of the news hinges on the verification of claims made by the hackers and the Co-op's transparency about the incident. The report serves as a crucial reminder of the vulnerabilities businesses face in the digital age and the need for proactive cybersecurity measures.