Co-op Group Warns of £120 Million Profit Hit After Sophisticated Cyberattack
The UK’s Co-op Group, a 181-year-old member-owned cooperative operating in food retail, funeral services, legal, and insurance sectors, disclosed a significant financial impact from a "sophisticated" cyberattack in April. The breach, which exploited social engineering tactics specifically, attackers impersonating a colleague to gain account access forced the company to temporarily shut down multiple systems to contain the threat.
The incident disrupted operations, including food availability in stores, and contributed to a first-half underlying loss before tax of £75 million, compared to a £3 million profit in the same period last year. Revenue also declined by 2.1% to £5.5 billion. The Co-op estimates the full-year profit impact at £120 million, with limited insurance coverage expected to offset only a portion of the losses.
While the company had cyber insurance for immediate response measures, it does not anticipate claiming for broader financial damages. The attack’s fallout included a £206 million revenue hit and an £80 million profit reduction in the first half, with an additional £40 million allocated in the second half to strengthen cyber defenses. The Co-op plans to open 30 new stores despite ongoing cost pressures and market volatility.
The breach reflects a growing trend of aggressive cyberattacks targeting British organizations, with recent victims including the British Library and London Underground. The Co-op’s response highlights the financial and operational risks of such incidents, even for companies with preparedness measures in place.
Source: https://www.reuters.com/world/uk/britains-co-op-says-cyberattack-cost-it-108-million-2025-09-25/
Co-op cybersecurity rating report: https://www.rankiteo.com/company/the-co-op-group
"id": "THE1770266348",
"linkid": "the-co-op-group",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': ['Food Retail',
'Funeral Services',
'Legal',
'Insurance'],
'location': 'UK',
'name': 'Co-op Group',
'type': 'Cooperative'}],
'attack_vector': 'Social Engineering',
'date_detected': '2024-04',
'description': 'The UK’s Co-op Group disclosed a significant financial impact '
'from a sophisticated cyberattack in April. The breach '
'involved social engineering tactics, where attackers '
'impersonated a colleague to gain account access, forcing the '
'company to temporarily shut down multiple systems to contain '
'the threat. The incident disrupted operations, including food '
'availability in stores, and contributed to a first-half '
'underlying loss before tax of £75 million.',
'impact': {'financial_loss': '£120 million estimated full-year profit impact',
'operational_impact': 'Disrupted operations, including food '
'availability in stores',
'revenue_loss': '£206 million revenue hit in the first half',
'systems_affected': 'Multiple systems shut down'},
'initial_access_broker': {'entry_point': 'Social engineering (impersonation '
'of a colleague)'},
'post_incident_analysis': {'corrective_actions': '£40 million allocated to '
'strengthen cyber defenses',
'root_causes': 'Sophisticated cyberattack '
'exploiting social engineering'},
'references': [{'source': 'Cyber Incident Description'}],
'response': {'containment_measures': 'Temporarily shut down multiple systems'},
'title': 'Co-op Group Cyberattack Resulting in £120 Million Profit Hit',
'type': 'Cyberattack',
'vulnerability_exploited': 'Impersonation of a colleague'}