In April 2025, The Co-op—one of the UK’s largest retailers—confirmed a data breach that exposed the personal information of 6.5 million members. No financial data was taken, but the attack hit at the core of trust, with CEO Shirine Khoury-Haq calling it a “personal attack on our members and colleagues.”
This wasn’t just a technical failure—it was a masterclass in social engineering, executed by attackers linked to Scattered Spider and DragonForce ransomware. By impersonating staff and manipulating the IT helpdesk, the attackers gained privileged access and exfiltrated password hashes, enabling lateral movement and data theft without ever breaching a firewall.
In this episode:
- How the attackers bypassed defenses using psychological manipulation—not malware
- The role of DragonForce ransomware and why Scattered Spider keeps showing up in major breaches
- Why social engineering remains the #1 cause of network compromise
- What retailers like Co-op and M&S are learning the hard way about helpdesk security, privileged accounts, and digital trust
- Arrests made by the UK’s National Crime Agency and their connection to the MGM Resorts breach
We also dive into the broader context:
- Why retail is an increasingly high-value target
- The compliance landscape for UK retailers (GDPR, PCI DSS, Cyber Essentials)
- Critical mitigation strategies: phishing-resistant MFA, ZTNA, PAM, and resilient incident response plans
This is not just about one breach—it’s about how an entire sector can fall to a single phone call.
