A cyber-attack on the Co-operative Group (Co-op) last week was worse than initially thought, with the UK retailer admitting that customer data was stolen.
An FAQ posted on the retailer’s website on Monday revealed that hackers had managed to exfiltrate data from one of its systems.
“The data we believe was extracted includes Co-op Group members’ personal data such as names, contact details (residential address, email address and phone number) and dates of birth,” it noted.
“We do not believe the following types of identifiable personal data have been extracted: members’ passwords, bank or credit card details, transactions or information relating to any members’ or customers’ products or services with the Co-op Group.”
Co-op “members” effectively own the mutual organization, and could be customers, employees, suppliers and others.
The UK’s seventh largest retailer initially told Infosecurity last week that it had suffered unauthorized access attempts, but that they resulted in only “a small impact to some of our back office and call centre services.”
Some of the retailer's systems have been shut down to protect the organization.
The news comes as government cybersecurity experts released new advice for retailers in the wake of attacks on the Co-op, Marks & Spencer and Harrods.
GCHQ’s National Cyber Security Centre (NCSC) strongly advised retailers to follow its guide on mitigating malware/ransomware, including to:
- Turn on and extensively deploy multi-factor authentication (MFA)
- Monitor for suspicious behavior including risky Entra ID logins
- Monitor access to Domain Admin, Enterprise Admin and Cloud Admin accounts
- Review helpdesk password reset policies, including how the helpdesk authenticates members’ credentials before resetting passwords
- Ensure security operations (SecOps) teams can spot logins from unusual sources like VPN services in residential ranges
- Ensure security teams are able to rapidly ingest threat intelligence and act on it
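As an added illustration (not part of the NCSC guidance or the original article), the monitoring items above can be combined into one triage pass over sign-in records. Field names follow the Microsoft Graph sign-in log schema; the account names, network ranges and sample records are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the article): the account list and network ranges
# below are constructed placeholders a SOC would replace with its own data.
PRIVILEGED = {"domain.admin@example.test", "cloud.admin@example.test"}
RESIDENTIAL_VPN_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3

def triage(event):
    """Return (severity, reasons) for one sign-in record."""
    reasons = []
    if event.get("riskLevelDuringSignIn", "none") in ("medium", "high"):
        reasons.append("risky-sign-in")
    if event.get("authenticationRequirement") != "multiFactorAuthentication":
        reasons.append("no-mfa")
    try:
        ip = ipaddress.ip_address(event.get("ipAddress", ""))
        if any(ip in net for net in RESIDENTIAL_VPN_NETS):
            reasons.append("residential-vpn-source")
    except ValueError:
        reasons.append("unparseable-ip")  # never silently skip a bad record
    if event.get("userPrincipalName", "").lower() in PRIVILEGED:
        reasons.append("privileged-account")
    if not reasons:
        return "none", reasons
    # Privileged access counts as a signal, so any other signal on an admin
    # account (or two signals on any account) escalates to "high".
    return ("high" if len(reasons) >= 2 else "review"), reasons

SAMPLE = [  # constructed sign-in records
    {"userPrincipalName": "shop.user@example.test", "ipAddress": "198.51.100.7",
     "riskLevelDuringSignIn": "none",
     "authenticationRequirement": "multiFactorAuthentication"},
    {"userPrincipalName": "Cloud.Admin@example.test", "ipAddress": "203.0.113.45",
     "riskLevelDuringSignIn": "high",
     "authenticationRequirement": "singleFactorAuthentication"},
    {"userPrincipalName": "helpdesk@example.test", "ipAddress": "not-an-ip",
     "riskLevelDuringSignIn": "low",
     "authenticationRequirement": "multiFactorAuthentication"},
]

def run(events=SAMPLE):
    """Triage every record and return (user, severity, reasons) tuples."""
    return [(e["userPrincipalName"], *triage(e)) for e in events]

if __name__ == "__main__":
    for row in run():
        print(row)
```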
“Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant,” the NCSC warned.
“Attacks like this are becoming more and more common. And all organizations, of all sizes, need to be prepared.”
The NCSC is currently working with all three retailers to establish what happened and work through incident response, containment and recovery.
A Wake-up Call
Senior cabinet minister and chancellor of the Duchy of Lancaster, Pat McFadden, is expected to discuss the issue in a speech at the CyberUK conference this week, describing it as a “wake-up call” for all UK companies.
“In a world where the cybercriminals targeting us are relentless in their pursuit of profit – with attempts being made every hour of every day – companies must treat cybersecurity as an absolute priority,” he will say.
“We’ve watched in real-time the disruption these attacks have caused – including to working families going about their everyday lives. It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work, we have to treat our digital shop fronts the same way.”