It has been reported in the press that this breach potentially exposed the personal information of up to 8 million individuals who had registered for the Co-op membership scheme, including names, addresses, emails, phone numbers, and membership card numbers. While financial details were reportedly not compromised, the exposed data can still be used for identity theft and fraud.
The hacking group known as DragonForce has taken responsibility for the attack. The same group has also been linked to the M&S cyberattack and an attempted breach of Harrods. According to their claims, the stolen data includes private information belonging to as many as 8 million individuals who registered with the Co-op membership scheme.
Those impacted may now be vulnerable to fraud-related crimes such as identity theft, scams, and long-term damage to their credit profile.
Many cyberattacks succeed when businesses fail to implement proper data protection measures. With this in mind, legal experts are preparing action against the Co-op to seek justice for those whose data may have been exposed.
If you’ve received confirmation that your details were involved in this breach, you could be entitled to financial compensation. Use our quick and easy eligibility checker to find out if you can join the group legal action—just answer a few simple questions to get started.
At KP Law, we specialise in group litigation and have a proven track record in handling data breach cases. Our experienced team is committed to ensuring that affected individuals receive the compensation they deserve.
If eligible, provide your details to register your interest.
Our team will guide you through the process and represent you on a no-win, no-fee basis.
If you believe your data was compromised in the Co-op breach, don’t wait. Join the group claim to seek the compensation you deserve.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.
GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.
See our answers to the FAQs we get asked about the Co-op Data Breach.
In early 2025, the Co-op admitted that the data they held for up to 8 million members had been stolen by cyber criminal group DragonForce.
The criminal group accessed names, addresses and contact information including emails and phone numbers. The Co-op have stated that no financial or transactional information was accessed in the breach.
The Co-op released an FAQ for affected customers on their website here.
Co-op should be in touch to notify affected individuals.
Anyone who thinks they might be involved should take immediate steps to protect themselves. Find out how to do this here.
If you receive notification that you are affected by the Co-op data breach, register to receive updates on our investigation. We’ll let you know what’s happening, and if and when you can make a data breach compensation claim.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.
There are no costs to join our claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. At KP Law, our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny.
