In a coordinated wave of cyberattacks targeting the UK’s retail sector, DragonForce, a known cybercrime gang, has claimed responsibility for recent breaches affecting Co-op, Marks & Spencer (M&S), and Harrods. The group’s primary motive, according to a spokesperson, was extortion, with attackers successfully stealing customer data and deploying ransomware to disrupt operations across multiple companies.
Co-op Group, one of the UK’s largest supermarket chains, on Friday confirmed that personal data of both current and former members was accessed in the breach. While the attack did not compromise financial information such as passwords, bank account details, or transaction history, the exposure of names and contact details has raised significant concerns about data privacy and potential follow-up fraud.
“The accessed data included information relating to a significant number of our current and past members,” Co-op said in a statement. “We are actively investigating the matter with UK authorities and experiencing sustained malicious access attempts.”
Marks & Spencer Still Recovering After Ransomware Attack
Marks & Spencer (M&S) was the first to publicly disclose a cyber incident, which occurred on April 22, disrupting contactless payments and online orders. The company revealed its systems had been infected with DragonForce’s proprietary ransomware, which encrypted key operational files and forced several digital services offline.
Customers experienced checkout failures, unavailable product listings, and delivery delays, with widespread reports of empty shelves and stock outages in physical stores. M&S CEO Stuart Machin took to X (formerly Twitter) on Friday, issuing an apology: “We’re working day and night to resolve the issue and restore full operations. We deeply regret the inconvenience caused to our loyal customers.”
The retailer has yet to fully restore some digital and in-store services, and internal investigations are ongoing in coordination with UK cybersecurity authorities.
Harrods, Too, Hit by Attempted System Intrusions
The cybercrime spree did not stop with supermarkets. On May 1, luxury department store Harrods Ltd. issued a statement confirming attempts to breach its systems. In response, the company restricted internet access at its retail locations to minimize further risk.
While Harrods has not confirmed the extent of the attack or whether customer data was compromised, it is working closely with cybersecurity professionals to monitor and strengthen digital infrastructure.
“We have implemented precautionary restrictions and are reviewing our systems to ensure continued protection for our customers and operations,” a Harrods spokesperson said.
DragonForce’s Campaign: Sophistication, Ransom Demands, and Data Exposure
According to an interview conducted by Bloomberg News with a spokesperson for DragonForce, the group, along with affiliated cyber actors, launched the attacks to extort money from the companies, and claims to have accessed substantial amounts of sensitive customer data.
This marks the first direct confirmation that all three retail breaches were linked and carried out by the same group. DragonForce is known for leveraging ransomware, data exfiltration, and persistent access techniques, often targeting sectors where downtime leads to high financial pressure and reputational risk.
Cybersecurity analysts warn that the campaign reflects a trend of escalating attacks on consumer-facing infrastructure, with cybercriminals now targeting companies that rely heavily on operational continuity and customer trust.
ALSO READ: OEMs Invited to Showcase Tech Solutions to Police and LEAs
UK Retail Sector on High Alert
As UK authorities continue investigating, cybersecurity experts are urging retailers to review their incident response plans, reinforce access controls, and monitor for credential leaks and lateral movement within their networks.
The National Cyber Security Centre (NCSC) has also released advisories to help businesses defend against ransomware gangs and extortion-driven actors, warning that supply chains and customer data remain prime targets.
Meanwhile, Co-op, M&S, and Harrods are working to assess the full scale of their breaches, inform affected individuals, and prevent further compromise—an uphill battle in an increasingly hostile cyber landscape.