The Co-op cyberattack has left the retailer reeling, with the group confirming it expects a full-year earnings impact of approximately £120 million following the “malicious” April incident that disrupted operations, emptied store shelves, and resulted in the theft of member data.
The Co-op cyberattack directly reduced sales by around £206 million, causing an £80 million hit to half-year earnings. The group anticipates an additional £40 million impact in the second half of 2025 as it continues to recover from the incident.
Financial and Operational Fallout
The Co-op cyberattack forced the retailer to post a £75 million underlying pre-tax loss for the six months to July 5, compared with a £3 million profit in the same period last year. Operating results also swung sharply, with the group reporting a £32 million underlying operating loss, down from earnings of £47 million a year earlier.
The incident added to mounting cost pressures, including higher wage bills following the increase in national insurance contributions earlier in the year. Despite these challenges, the group emphasized that its balance sheet strength and the response of its 53,000 employees allowed it to maintain essential services.
Debbie White, chairwoman of the Co-op, said: “The first half of 2025 brought significant challenges, most notably from a malicious cyberattack. Our balance sheet strength and the magnificent response of our 53,000 colleagues enabled us to maintain vital services for our members and their communities.”
Co-op Cyberattack Details and Customer Impact
The April breach saw hackers infiltrate IT systems by impersonating employees and tricking staff into granting access. Attackers extracted member data, impacting all 6.5 million Co-op members, but were prevented from deploying ransomware across the network.
In response to the Co-op cyberattack, the retailer shut down several IT systems to contain the threat. This decision temporarily disrupted payment systems and led to empty shelves across multiple stores. Essential services, including the group’s funerals business, remained operational, and stock was prioritized for rural “lifeline” stores.
To ease the disruption, the retailer offered members a £10 discount on a £40 shop and provided additional support to independent co-op societies and franchise partners.
Despite these measures, the group reported ongoing challenges, including a slower return of customer numbers to convenience stores and delays in restoring full back-office operations.
Industry Context and Wider Implications
The Co-op cyberattack came amid a wave of high-profile breaches on UK retailers. Earlier this year, Marks & Spencer was forced to halt online orders for six weeks following a breach, with losses of up to £300 million. Separately, Jaguar Land Rover continues to face significant disruption from an ongoing cyberattack.
These events highlight the rising frequency and cost of supply chain and retail-focused cyber threats, which often target payment systems, distribution channels, and customer data. The Co-op confirmed that its attackers had created copies of key files but were unable to escalate the attack to its wider platforms.
Shirine Khoury-Haq, chief executive of the Co-op, said: “The Co-op cyberattack highlighted many of our strengths. But more importantly, it also highlighted areas we need to focus on – particularly in our food business. Whenever a business experiences a significant event like this, the real shame would not be to come out stronger.”
Recovery and Next Steps
The Co-op has resumed its expansion plans, with 30 new store openings expected in the second half of 2025. The group has also restructured parts of its leadership, creating a new commercial and logistics division to strengthen resilience and operational efficiency.
As part of its reflection on the incident, the retailer has emphasized the need for stronger cybersecurity defenses and enhanced employee awareness of social engineering risks, given that the breach originated through impersonation tactics.
The company remains focused on rebuilding consumer confidence, securing its systems, and preventing long-term erosion of its customer base.
Cybersecurity Lessons for Retail
The Co-op cyberattack underscores the vulnerability of large retail operations to targeted digital threats. With vast customer data pools, complex supply chains, and high transaction volumes, retailers remain prime targets for malicious actors.
For businesses in the sector, the incident highlights several critical priorities:
- Rapid incident response to contain attacks and protect essential operations.
- Employee training to recognize and prevent impersonation attempts.
- Resilient IT architecture that can maintain core services even when systems are shut down.
- Customer engagement strategies to rebuild trust after a data breach.
As the retail industry adapts, the Co-op’s recovery will serve as a case study in managing the balance between operational resilience and cybersecurity readiness in the face of sophisticated digital threats.
