The Co-op, a UK-based food-to-funerals group, suffered a **sophisticated, multi-stage cyber attack in April**, initiated via **social engineering** (impersonating an employee). Though the attack was **contained within minutes**, its fallout caused **£200M in lost sales (6 months to July)**, with projections reaching **£300M by next year** and a **£120M annual profit hit**. Systems remained disrupted, leading to ongoing operational challenges. The attackers attempted **ransomware deployment** (4,000 attempts/minute over hours), but the malware was blocked. The incident exposed **underinsurance gaps**: the Co-op was unable to recover all of its losses. The Co-op’s H1 2023 results plummeted from a **£3M profit to a £75M loss**, compounded by higher employee costs. Leadership cited **youth disenfranchisement** as a root cause of cyber threats and partnered with *The Hacking Games* for mitigation.
Source: https://www.mirror.co.uk/money/co-op-set-take-120million-35964250
TPRM report: https://www.rankiteo.com/company/the-co-op-group
{
  "id": "the1892618092525",
  "linkid": "the-co-op-group",
  "type": "Cyber Attack",
  "date": "6/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': ['Retail (Food)',
'Funeral Services',
'Insurance',
'Legal Services'],
'location': 'United Kingdom',
'name': 'Co-op Group',
'size': 'Large (millions of members)',
'type': 'Retail Cooperative'}],
'attack_vector': ['Social Engineering (Impersonation of Employee)',
'Malware Deployment',
'Ransomware Attempt'],
'date_detected': 'April 2023',
'description': 'The Co-op, a food-to-funerals group, suffered a '
'sophisticated, multi-staged cyber attack in April 2023. The '
'attack involved social engineering, where hackers '
'impersonated an employee to gain access. The attack was '
'largely contained within minutes, but malware was later '
'discovered and blocked. The incident disrupted systems, '
'leading to an estimated £300 million loss in sales and a £120 '
'million hit to annual profits. The Co-op admitted it was '
'underinsured and unable to recover all losses. The attack '
'highlighted ongoing vulnerabilities, with the company facing '
'thousands of weekly cyber attack attempts. The root cause was '
"attributed in part to 'youth disenfranchisement,' and the "
'Co-op partnered with *The Hacking Games* to address this '
'issue.',
'impact': {'brand_reputation_impact': 'Moderate (public disclosure of attack '
'and financial losses)',
'downtime': 'Ongoing (some systems not fully restored as of July '
'2023)',
'financial_loss': '£120 million (annual profit hit); £300 million '
'(potential sales loss)',
'operational_impact': 'Disrupted trading, prioritization of '
'vulnerable communities, 4,000 attack '
'attempts per minute during peak',
'revenue_loss': '£200 million (first six months); £300 million '
'(potential total)',
'systems_affected': ['Operational Systems (Partial Downtime)',
'Sales Systems']},
'initial_access_broker': {'backdoors_established': 'Attempted (malware found '
'but blocked)',
'entry_point': 'Social Engineering (Impersonation '
'of Employee)'},
'investigation_status': 'Ongoing (as of July 2023, some systems still not '
'fully restored)',
'lessons_learned': ['Importance of layered cyber defenses and rapid response',
'Need for better insurance coverage against cyber risks',
"Addressing root causes like 'youth disenfranchisement' "
'as a contributor to cyber threats',
'Focus on strengthening food business cybersecurity'],
'motivation': ['Financial Gain (Ransomware Attempt)',
'Potential Data Theft/Disruption'],
'post_incident_analysis': {'corrective_actions': ['Enhanced monitoring and '
'layered defenses',
'Partnership with *The '
'Hacking Games* to address '
'cyber threat roots',
'Focused improvements in '
'food business '
'cybersecurity'],
'root_causes': ['Social Engineering Vulnerability '
'(Employee Impersonation)',
'Sophisticated, Persistent, and '
'Multi-Staged Attack',
'Youth disenfranchisement (claimed '
'as a broader root cause by Co-op '
'CEO)']},
'ransomware': {'data_encryption': 'Attempted (but blocked)',
'ransom_paid': 'No (attack was contained before ransomware '
'deployment)'},
'recommendations': ['Increase investment in proactive threat detection and '
'response capabilities',
'Review and expand cyber insurance policies',
'Enhance employee training on social engineering tactics',
'Collaborate with initiatives like *The Hacking Games* to '
'mitigate long-term cyber threats'],
'references': [{'source': 'The Mirror'}],
'response': {'communication_strategy': ['Public Disclosure of Financial '
'Impact',
'Media Statements by Executives '
'(e.g., Rob Elsey, Shirine '
'Khoury-Haq)'],
'containment_measures': ['Immediate Account Lockdown',
'Malware Blocking',
'Layered Cyber Defenses'],
'enhanced_monitoring': 'Yes (continuous investment in layered '
'defenses)',
'incident_response_plan_activated': 'Yes (within minutes of '
'detection)',
'recovery_measures': ['Prioritization of Critical Services '
'(e.g., Vulnerable Communities)',
'Partnership with *The Hacking Games* to '
'Address Root Causes'],
'remediation_measures': ['System Restoration (Ongoing)',
'Enhanced Monitoring']},
'title': 'Co-op Cyber Attack (April 2023)',
'type': ['Cyber Attack',
'Social Engineering',
'Ransomware Attempt',
'Malware Infection'],
'vulnerability_exploited': 'Human Vulnerability (Social Engineering via '
'Impersonation)'}