The Co-operative Group, one of the UK retailers, confirmed that a major cyberattack in April 2025 led to the theft of personal data from all 6.5 million members. Information including names, home addresses, emails, and phone numbers was accessed. While no financial or transactional data was compromised, the incident has raised serious concerns about corporate cybersecurity readiness.
Co-op CEO Shirine Khoury-Haq publicly apologized, calling the breach a “deeply personal failure.” The company quickly shut down parts of its infrastructure to block ransomware deployment—an action that likely prevented a more catastrophic outcome. Still, the fallout was considerable: grocery operations were disrupted, and funeral homes had to rely on manual systems for weeks.
Despite early detection of suspicious activity by internal systems, Co-op confirmed it did not have cyber insurance, leaving the organization to absorb the full financial and reputational cost of the breach.
Scattered Spider Hackers and Arrests Across UK and Europe
The breach has been linked to a coordinated series of attacks on other UK retailers including Marks & Spencer and Harrods. The hacker group known as Scattered Spider, or “DragonForce,” is suspected of being behind the attack.
On July 10, UK authorities arrested four individuals—three British teens aged 17–19 and a 20-year-old Latvian national. The arrests, made across Staffordshire, the West Midlands, and London, involved multiple charges including unauthorized access to computer systems, blackmail, and money laundering.
The UK’s National Crime Agency (NCA) confirmed its ongoing investigation in collaboration with local police and the National Cyber Crime Unit. Seized electronic devices are being analyzed for further links to international hacking operations.
Recovery Plan and Cybersecurity Push for the Future
In response of UK retailers, Co-op has launched an aggressive plan to strengthen its cybersecurity systems. This includes rebuilding its digital infrastructure, enhancing identity management through AWS and Microsoft’s DART service, and receiving consultation from KPMG.
More notably, Co-op has also begun investing in youth cybersecurity education, partnering with The Hacking Games to inspire young talent to pursue ethical hacking careers. The initiative is being rolled out through Co-op’s Academies Trust to combat the allure of cybercrime for tech-savvy youth.
The Information Commissioner’s Office (ICO) advised all affected members to be vigilant: activate two-factor authentication, monitor for phishing attempts, and report any suspicious activity. Experts view the Co-op attack as part of a rising wave of cyber threats targeting UK retail—a trend that previously impacted WH Smith and Morrisons as well.
CEO Khoury-Haq emphasized the company’s forward-looking stance: “We can’t just stand back and hope it doesn’t happen again—to us or to others.”
