The cyberattack at the Co-op Group is now confirmed to have involved the personal data of all 6.5 million members.
As reported by Cybernews, Shirine Khoury-Haq, CEO, gave an interview on the BBC this week expressing her regret over the events and confirming the details.
The hackers, believed to be members of the Scattered Spider group, managed to copy the member list which included personal details such as full names, home addresses, email addresses, phone numbers and birth dates.
Fortunately, as Co-op had previously invested in detection systems that alerted it to the unusual behavior within a few hours, the group was able to shut down parts of its system within hours of the breach keeping the attackers from deploying the DragonForce ransomware.
This means that no financial data, purchase history or transaction data was taken and that the hackers were unable to fulfill their goal of using the ransomware attack to blackmail the group. It also means that the attackers were unable to erase what they did, and their code was sent back to authorities resulting in arrests being made.
The attack on Co-op occurred in April, just days after the attack on M&S and is believed to be part of a broader campaign that also resulted in a cyberattack targeting Harrods. The Scattered Spider group uses deception tactics to trick IT helpdesk employees into giving its hackers access to a network; the attacks often result in empty grocery store shelves or other businesses reverting back to paper based systems in order to continue operations.
How to stay safe
The Information Commissioner’s Office, the UK’s data protection watchdog has said that anyone concerned about their personal data should visit its website for information and support.
Additionally, Co-op members should be on alert for any signs of phishing attacks since threat actors will be looking for vulnerable targets using this stolen data. So be on alert for signs of phishing scams and social engineering attacks so you can avoid falling victim to them. Hackers will often leverage all the information they have on a potential target in order to try and trick you into clicking on a malicious link or downloading a malicious app or other software that appears legitimate but actually contains viruses.
Likewise, never click on unexpected links, QR codes or attachments or links from unknown senders. Verify through independent means if someone contacts you asking you to download or click on something. Likewise, don't share personal information with people you don't know online, and clear out any old emails that may contain personal details and information.
If you don't already have one of the best antivirus software solutions installed on your devices, make sure you get one. They have multiple features that can help protect you when you go online from VPNs and website alerts to identity monitoring and phishing protection.
