The Co-operative Group suffered a **sophisticated malicious cyber attack** in April, resulting in a **£75 million underlying pre-tax loss** for the first half of 2025 (down from a £3 million profit the previous year). The attack disrupted operations, causing **£206 million in lost sales** and an **£80 million earnings hit**, including £20 million in one-off costs. Shoppers faced **empty shelves and payment issues**, while the group temporarily shut down IT systems to contain the threat. Hackers **accessed and extracted personal data** of all **6.5 million Co-op members**, creating a copy of a company file but failing to deploy planned ransomware. The breach forced prioritization of essential services (e.g., funerals) and stock allocation to rural stores. The incident exposed vulnerabilities, particularly in the food business, prompting structural changes. The Co-op offered affected members a **£10 discount** as compensation. Leadership emphasized resilience but acknowledged the need for long-term improvements in cybersecurity and business operations.
TPRM report: https://www.rankiteo.com/company/the-co-op-group
"id": "the3892438092525",
"linkid": "the-co-op-group",
"type": "Cyber Attack",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '6.5 million members + shoppers '
'(disrupted services)',
'industry': 'Retail (Food, Funerals, etc.)',
'location': 'United Kingdom',
'name': 'The Co-operative Group',
'size': '53,000 employees; 6.5 million members',
'type': 'Retailer/Consumer Co-operative'}],
'attack_vector': 'Sophisticated hacking (details unspecified)',
'customer_advisories': '£10 discount for members on £40 shop as apology',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '6.5 million',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (personal information)',
'type_of_data_compromised': 'Personal data (members)'},
'date_detected': '2025-04',
'date_publicly_disclosed': '2025-07',
'description': 'The Co-operative Group suffered a sophisticated cyber attack '
'in April 2025, resulting in an £80 million earnings hit, '
'operational disruptions (e.g., empty shelves, payment '
'issues), and the theft of personal data from all 6.5 million '
'members. The attack was contained by shutting down IT '
'systems, preventing further ransomware deployment. The group '
'reported a £75 million pre-tax loss for H1 2025, with sales '
'impacted by £206 million. Recovery efforts included '
'maintaining essential services (e.g., funerals), prioritizing '
'rural stores, and offering members a £10 discount as '
'compensation.',
'impact': {'brand_reputation_impact': 'Significant (acknowledged by '
'leadership; mitigation via £10 '
'discount for members)',
'data_compromised': 'Personal data of 6.5 million members (file '
'copied by hackers)',
'financial_loss': {'earnings_impact': '£80 million (including £20 '
'million one-off costs)',
'operating_loss': '£32 million (vs. £47 million '
'earnings prior year)',
'pre_tax_loss': '£75 million (vs. £3 million '
'profit prior year)',
'sales_impact': '£206 million'},
'identity_theft_risk': 'High (personal data of 6.5 million members '
'stolen)',
'operational_impact': ['Empty shelves',
'Payment processing issues',
'Disrupted supply chain (prioritized rural '
'stores)',
'Independent co-op societies and franchise '
'partners affected'],
'revenue_loss': '£206 million (sales impact)',
'systems_affected': ['IT systems (partially shut down)',
'Payment systems',
'Inventory management']},
'initial_access_broker': {'high_value_targets': ['Member database (6.5 '
'million records)']},
'investigation_status': 'Ongoing (as of July 2025 disclosure; further impacts '
'expected in H2 2025)',
'lessons_learned': ['Highlighted strengths in balance sheet resilience and '
'colleague response',
'Exposed vulnerabilities in food business operations',
'Need for structural changes and refined member/customer '
'propositions'],
'motivation': ['Financial Gain', 'Data Theft'],
'post_incident_analysis': {'corrective_actions': ['Structural business '
'changes',
'Refined member/customer '
'propositions',
'Long-term resilience '
'planning'],
'root_causes': ['Sophisticated attack (specifics '
'undisclosed)',
'IT system vulnerabilities '
'enabling data exfiltration']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Refine member and customer propositions',
'Implement structural changes to the business',
'Long-term strategic adjustments for resilience'],
'references': [{'source': 'The Standard'}],
'response': {'communication_strategy': ['Public disclosure in July 2025',
'Statements by Chairwoman (Debbie '
'White) and CEO (Shirine Khoury-Haq)'],
'containment_measures': ['Temporary shutdown of IT systems',
'Prevented further ransomware '
'deployment'],
'incident_response_plan_activated': True,
'recovery_measures': ['Prioritized essential services (e.g., '
'funerals)',
"Stock prioritization for rural 'lifeline' "
'stores',
'Support for independent co-op societies '
'and franchise partners',
'£10 discount for members (on £40 shop)']},
'stakeholder_advisories': ['Public statements by leadership',
'Member compensation (£10 discount)'],
'title': 'Cyber Attack on The Co-operative Group (April 2025)',
'type': ['Data Breach', 'Cyber Attack', 'Attempted Ransomware']}