The Co-op Group, a Manchester-based organization, suffered a severe cyber attack in April 2025, resulting in an £80 million hit to its half-year profits (to July 5, 2025), with an additional projected £40 million loss in the second half of the financial year. The attack disrupted IT systems, causing supply chain failures that led to empty shelves in stores for two weeks. Revenues dropped by 2.1% to £5.484 billion, and a pre-tax profit of £58 million in 2024 turned into a £50 million pre-tax loss in 2025, including the £80 million cyber attack cost. The incident wiped £206 million off revenues, though the company maintained liquidity of £800 million and secured a £350 million lending agreement to stabilize finances. The attack coincided with similar incidents at M&S and Jaguar Land Rover, highlighting the escalating threat of cyber disruptions to critical business operations. Leadership emphasized resilience but acknowledged the need for structural improvements, particularly in the Food business, to mitigate future risks.
TPRM report: https://www.rankiteo.com/company/the-co-op-group
"id": "the3433134092525",
"linkid": "the-co-op-group",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Retail (Food, Funeralcare, Insurance, '
'Legal Services)',
'location': 'Manchester, UK',
'name': 'Co-op Group',
'size': '53,000 employees',
'type': 'Retail Cooperative'}],
'customer_advisories': ['Assurance of continued service despite disruptions',
'Focus on supporting vulnerable communities during '
'recovery'],
'date_detected': '2025-04-30',
'date_publicly_disclosed': '2025-04-30',
'description': 'The Co-op Group suffered a significant cyber attack on April '
'30, 2025, resulting in a £80m hit to profits, supply chain '
'disruptions, and empty shelves in stores. The attack '
'contributed to a £50m pre-tax loss for the first half of '
'2025, with revenues falling by 2.1% to £5.484bn. The group '
'anticipates an additional £40m loss in the second half of the '
'year. IT systems were partially shut down, and recovery took '
'two weeks. The incident coincided with similar attacks on M&S '
'and Jaguar Land Rover.',
'impact': {'brand_reputation_impact': ['Potential long-term trust erosion',
'Highlighted resilience in public '
'statements'],
'downtime': '2 weeks (recovery phase entered after this period)',
'financial_loss': {'immediate_loss': '£80m (first half of 2025)',
'pre_tax_loss': '£50m (2025, vs. £58m profit in '
'2024)',
'projected_additional_loss': '£40m (second half '
'of 2025)',
'revenue_reduction': '£206m (directly '
'attributed to the hack)'},
'operational_impact': ['Empty shelves in stores',
'Supply chain disruptions',
'Production delays (indirectly mentioned '
'via Jaguar Land Rover comparison)'],
'revenue_loss': '2.1% (£5.484bn vs. prior period)',
'systems_affected': ['IT Systems (partial shutdown)',
'Supply Chain Systems']},
'investigation_status': 'Ongoing (as of July 2025, with long-term mitigation '
'efforts planned)',
'lessons_learned': ['Highlighted strengths in financial resilience and '
'colleague response',
'Identified need for improvements in Food business '
'operations',
'Recognized cyber threats as a persistent risk requiring '
'long-term mitigation',
'Emphasized structural changes and member/customer '
'proposition refinement'],
'post_incident_analysis': {'corrective_actions': ['Refinement of '
'member/customer '
'proposition',
'Structural changes to '
'business operations '
'(especially Food division)',
'Partnership with The '
'Hacking Games to address '
'cyber threat roots',
'Financial measures to '
'ensure stability (e.g., '
'£350m lending agreement, '
'£400m credit facility)']},
'recommendations': ['Disciplined investment approach to bolster cyber '
'defenses',
'Long-term focus on reducing cyber impact',
'Partnerships to address root causes of cyber threats '
'(e.g., The Hacking Games initiative for youth '
'disenfranchisement)',
'Continuous refinement of business structure and member '
'value'],
'references': [{'source': 'Co-op Group Half-Year Financial Report (2025)'},
{'source': 'Public Statements by Co-op Chair (Debbie White) '
'and CEO (Shirine Khoury-Haq)'}],
'response': {'communication_strategy': ['Public announcements on financial '
'impact',
'Statements from Chair (Debbie White) '
'and CEO (Shirine Khoury-Haq)',
'Emphasis on colleague resilience and '
'member support'],
'containment_measures': ['Partial shutdown of IT systems'],
'incident_response_plan_activated': True,
'recovery_measures': ['Entered recovery phase after 2 weeks',
'Maintained trading during disruption']},
'stakeholder_advisories': ['Financial impact disclosed to investors',
'Commitment to long-term recovery communicated to '
'members and employees'],
'title': 'Co-op Group Cyber Attack Leading to £80m Profit Loss',
'type': ['Cyber Attack', 'Supply Chain Disruption', 'Financial Impact']}