Listen to this Post
A Wake-Up Call for British Retail Cybersecurity
In one of the most severe cyberattacks to hit the UK retail sector in recent years, the Cyber Monitoring Centre (CMC) has classified the twin attacks on Marks & Spencer (M\&S) and the Co-operative Group (Co-op) as a Category 2 systemic cyber event. Estimated damages range from Ā£270 million to a staggering Ā£440 million, sending shockwaves across the British economy, and shaking consumer trust in retail cybersecurity.
The group behind these breaches, DragonForce, claimed responsibility for the attacks, also revealing an attempted infiltration of luxury retailer Harrods. While Harrods has not confirmed any compromise, the method, timing, and scope suggest a well-coordinated campaign targeting major UK retailers.
This article delves into the timeline of the events, the scale of the damage, and the long-term consequences for businesses and consumers alike.
the Cyberattack: From Infiltration to Economic Fallout
In early May, DragonForce, a notorious ransomware and data extortion group, publicly claimed responsibility for the breach into Co-op systems. undercode was contacted directly by the attackers, who shared screenshots of internal communications and screenshots of their extortion messages. The initial breach occurred on April 25, when DragonForce contacted Co-opās cybersecurity head via Microsoft Teams and followed up with a phone call to the companyās security lead.
Initially, Co-op downplayed the breach, stating there was āno evidenceā of compromised customer data. But that narrative changed quickly. It was soon confirmed that data belonging to both current and former members had been accessed. DragonForce alleged they had the personal information of around 20 million Co-op members. While Co-op did not validate this figure, the undercode confirmed the existence of leaked credentials, including names, addresses, emails, phone numbers, and Co-op membership card numbers for 10,000 individuals.
DragonForce also claimed responsibility for a cyberattack on M\&S, and attempted access into Harrods. While fewer details emerged about the M\&S breach, the CMC has confirmed that both attacks shared the same threat actor, attack vector, and methodology ā notably the use of social engineering and stolen credentials.
The CMC declared this a Category 2 systemic event ā a designation for events with significant national impact. It emphasized that the disruption extended well beyond internal IT systems, with severe business interruption, especially at M\&S. That retailer reportedly lost Ā£1.3 million per day in online sales during service downtime and expects Ā£300 million in losses by the 2025/26 financial year. Consumer spending dropped by 22% at M\&S and 11% at Co-op following the breach.
In addition to lost revenue, the attacks highlighted severe weaknesses in supply chains and IT infrastructure. Remote rural communities that depend heavily on Co-op stores were particularly affected. The need for enhanced vendor cybersecurity, regular crisis simulations, and improved access controls is now more evident than ever. The CMC is using these events to push for stronger national cyber resilience strategies.
What Undercode Say:
These twin attacks on M\&S and Co-op arenāt just a cybersecurity headline ā they represent a failure of digital trust and crisis readiness at a structural level. The classification by the CMC as a Category 2 systemic event speaks volumes. We’re no longer talking about isolated hacks or phishing emails; this is full-scale digital warfare on retail operations.
The attackers
M\&Sās projected Ā£300M loss and daily online sale losses of Ā£1.3M underscore that cyber threats today are operational threats. This isnāt about losing files ā itās about losing customers, revenue, and brand reputation. Consumer trust is already thin in the retail world, especially post-pandemic, and this kind of breach only worsens that sentiment.
Rural communities being disproportionately impacted by the Co-op attack also raises a policy issue: Is enough being done to protect essential services in underserved areas? Cybercrime isnāt just a tech issue ā it’s a socio-economic one. If cybersecurity collapses in vital community access points like supermarkets, the fallout is both digital and human.
DragonForce’s profile ā believed to be run by English-speaking teenagers operating cybercrime-as-a-service ā reflects a troubling democratization of hacking. These arenāt rogue state actors or billion-dollar syndicates. These are digital-native youth with tools bought or borrowed off the dark web. That makes detection and deterrence harder and raises major concerns for law enforcement strategy.
Finally, the fact that Harrods may have also been in the crosshairs suggests this wasnāt a hit-and-run ā it was a campaign. Retailers with strong brand equity, valuable data, and significant online infrastructure are prime targets. Yet, there’s little evidence that boards are adjusting their priorities to match this rising threat level.
The message is clear: cybersecurity must become a board-level issue, not an IT department afterthought. Retailers need to test disaster recovery and communications protocols as rigorously as they do their quarterly earnings projections. Resilience, not reaction, must be the mantra going forward.
š Fact Checker Results:
ā
Verified: DragonForce did contact undercode with evidence of the Co-op breach.
ā
Verified: The CMC labeled the attacks as Category 2 systemic incidents with major financial impact.
ā Unverified: DragonForceās claim of 20 million leaked accounts has not been confirmed by Co-op.
š Prediction:
The
References:
Reported By: securityaffairs.com
Extra Source Hub:
https://www.digitaltrends.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
