On Thursday, September 25, 2025, the Co-operative Group—one of Britain’s oldest and most recognizable retailers—unveiled a set of financial results that sent shockwaves through the business world. The company reported a pre-tax loss of £75 million for the first half of 2025, a dramatic reversal from the £3 million profit it had posted during the same period last year. The culprit? A sophisticated and malicious cyber-attack that struck the Co-op in April, leaving a trail of disruption, financial loss, and shaken consumer confidence in its wake.
The Co-op, a 181-year-old institution known for its food retail, funeral care, legal services, and insurance, has weathered many storms over the decades. But this latest challenge was something new. According to the company’s financial disclosures and statements from senior leadership, the cyber-attack directly resulted in an £80 million hit to operating profit for the six months ending July 5, 2025. The breach forced the shutdown of key IT systems, causing chaos across the group’s operations and leading to an estimated £206 million in lost revenue.
Shoppers across the UK felt the impact almost immediately. As reported by The Register and NationalWorld, many Co-op stores faced empty shelves and issues with payment systems. Some customers, accustomed to the convenience of modern retail, suddenly found themselves unable to pay electronically or locate basic goods. Even the company’s funeral parlours had to revert to paper-based systems to keep essential services running. The fallout was so severe that the Co-op offered its 6.5 million members a £10 discount off a £40 shop as a gesture of thanks for their patience during the disruption.
Debbie White, chairwoman of the Co-op, didn’t mince words about the scale of the crisis. In her statement, she described the event as “a significant challenge” and a “malicious cyber attack.” She noted, “The first half of 2025 brought significant challenges, most notably from a malicious cyber attack. Our balance sheet strength and the magnificent response of our 53,000 colleagues enabled us to maintain vital services for our members and their communities.”
The attack, which the company characterized as “sophisticated,” was executed via social engineering. Hackers impersonated a Co-op employee and tricked help desk staff into resetting credentials, thereby gaining access to the corporate network. Once inside, the attackers managed to extract the personal data of all 6.5 million Co-op members—including names, addresses, and contact details—but, crucially, did not obtain any payment card or transaction data. The company acted swiftly, shutting down compromised systems before the hackers could deploy ransomware, a move that likely spared it even greater losses.
Still, the damage was extensive. The group’s total revenue for the six months to July 5, 2025, fell to £5.48 billion from £5.6 billion the previous year. The company also reported an underlying operating loss of £32 million, a sharp swing from the £47 million profit it had notched up a year earlier. There was also a £20 million non-underlying one-off cost included in the losses, though the company has yet to explain the nature of this payment.
Co-op chief executive Shirine Khoury-Haq acknowledged the dual nature of the crisis, saying, “The cyber attack highlighted many of our strengths. But more importantly, it also highlighted areas we need to focus on – particularly in our food business. We’ve already started on this journey, refining our member and customer proposition, making structural changes to our business, and setting our Co-op up for long-term success.” She also emphasized the group’s financial resilience, stating, “When we experienced a significant cyber attack, that financial strength allowed us to respond as a member-owned organization. I’m very proud of how we reacted: we kept trading, prioritized colleagues and vulnerable communities, and launched a partnership with The Hacking Games to tackle youth disenfranchisement – the root of many cyber threats.”
The breach didn’t just disrupt daily operations; it also triggered a regulatory response. The Information Commissioner’s Office is expected to investigate how such a vast trove of personal data was exposed. Meanwhile, law enforcement moved with unusual speed: the UK’s National Crime Agency arrested four suspects—three British nationals and one Latvian—on suspicion of involvement in a series of attacks against Co-op, Marks & Spencer, and Harrods. The group is believed to be linked to Scattered Spider, a loosely organized crew of hackers from the UK and US blamed for several high-profile breaches in recent years.
The Co-op’s experience is part of a broader trend. The April attack occurred during a wave of cyber incidents targeting major British retailers. Marks & Spencer, for example, faced a £300 million financial hit and was forced to halt online sales for six weeks. Harrods and other household names have also been targeted. However, the Co-op’s rapid detection and response allowed it to resume normal trading more quickly than some of its peers, a small silver lining in an otherwise grim episode.
Despite the turmoil, the Co-op is looking to the future. The company predicts a £120 million hit to full-year profits, with only limited insurance coverage to offset its losses. Management expects the impact of the cyber-attack to lessen in the second half of the year, but warns that cost pressures, volatile markets, and stiff competition will continue to challenge the group. As part of its recovery strategy, the Co-op plans to centralize IT teams across its divisions—a move that will likely result in redundancies—as well as open 30 new stores in the latter half of 2025. The company has also prioritized stock for rural “lifeline” stores and supported independent co-op societies and franchise partners to minimize disruption.
For its millions of members and customers, the Co-op’s ordeal is a stark reminder of the vulnerabilities that even the most established organizations face in the digital age. It also underscores the importance of robust cybersecurity, swift crisis management, and transparent communication. While the worst of the hack may be in the rearview mirror, the Co-op’s journey to rebuild trust and financial stability is only just beginning.
