UK Retail Giant Co-op Confirms Massive Data Theft Following April Cyberattack
The Scope of the Breach
In a chilling admission, UK retailer Co-op has confirmed the theft of personal data belonging to 6.5 million members after a massive cyberattack in April 2025. This breach, which disrupted the company’s operations and led to food shortages in stores, is now being recognized as one of the most serious cybersecurity incidents in recent UK retail history.
No Financial Data Lost, But Privacy Compromised
According to Co-op CEO Shirine Khoury-Haq, who publicly addressed the situation on BBC Breakfast, while no financial or transactional information was leaked, the attackers did steal contact information and personal details of millions of loyal members. “They had access to the data. That’s the awful part,” she said, calling the incident a personal and organizational blow.
How the Attack Unfolded
The breach began with a social engineering campaign that tricked a Co-op employee into resetting their password—giving hackers access to the internal network. From there, attackers deployed the DragonForce ransomware, exfiltrating the Windows NTDS.dit file, a critical database containing password hashes for accounts within Co-op’s Active Directory.
Experts warn that access to this database allows hackers to crack passwords offline, enabling lateral movement across company systems. Security sources have linked the breach to Scattered Spider, a notorious threat group also involved in recent attacks on Marks & Spencer (M&S) and MGM Resorts.
Criminals Behind the Breach
UK law enforcement has responded swiftly. Just last week, the National Crime Agency (NCA) announced the arrest of four suspects allegedly tied to the Co-op and M&S attacks. The individuals, aged between 17 and 20, were apprehended in coordinated raids in London and the West Midlands.
One suspect is believed to have played a key role in the MGM Resorts hack, which led to over 100 VMware ESXi virtual machines being encrypted—causing multimillion-dollar disruptions.
A Wake-Up Call for Retail Cybersecurity
The Co-op breach underscores the growing threat ransomware poses to businesses, especially those holding large volumes of consumer data. Though Co-op initially downplayed the intrusion, the confirmation of stolen data and the emotional fallout expressed by leadership highlight the serious consequences of failing to prevent such attacks.
“We weren’t just attacked as a company,” said Khoury-Haq. “Our members were hurt. Our employees were impacted. That’s what makes this feel so personal.”
Conclusion: Cybersecurity Must Be Proactive, Not Reactive
The Co-op cyberattack serves as a stark reminder that data protection must be a strategic priority for all organizations—especially member-driven ones. With millions of personal records now in criminal hands, the cost of the breach goes far beyond systems and dollars. It erodes trust. Going forward, companies must invest in employee training, enforce zero-trust frameworks, and stay ahead of sophisticated ransomware gangs like Scattered Spider.
