In April 2025, the Co-operative Group—one of the UK’s largest mutual retailers—was rocked by a cyber attack that would come to define the company’s year. The attack, which forced the shutdown of critical IT systems and disrupted both grocery and funeral services, quickly spiraled into one of the most significant cybersecurity incidents in British retail history, impacting millions and reverberating across the sector.
According to Sky News, the immediate financial fallout was staggering. The Co-op reported an £80 million hit to its half-year operating profits, with the total profit damage expected to reach £120 million by the end of the year. This sharp reversal saw the company swing from a pre-tax profit of £3 million in the same period the previous year to a loss of £75 million for the first half of 2025. The broader impact on sales revenue was even more dramatic—an estimated £206 million was lost as a direct consequence of the attack.
The disruption was felt not just in the boardroom, but in communities across the UK. Customers encountered empty shelves and payment problems as the Co-op scrambled to restore control of its key systems. In-store operations faltered, with rural locations prioritized for limited deliveries until stocks recovered in late May. The company’s funeral parlours, meanwhile, had to revert to paper-based systems, a stark reminder of the organization’s reliance on digital infrastructure, as reported by The Guardian.
The scale of the breach became fully apparent in July, when the Co-op confirmed that the personal data of all 6.5 million of its members had been stolen. The compromised information included names, addresses, and contact details, though, crucially, no financial data such as credit or debit card details was accessed during the attack. Co-op CEO Shirine Khoury-Haq offered a public apology, telling BBC Breakfast, “I am incredibly sorry. It’s awful to have happened. That’s why we feel like we have to do something positive now.”
Chairwoman Debbie White echoed the sentiment, emphasizing the resilience of the organization’s workforce: “The first half of 2025 brought significant challenges, most notably from a malicious cyber attack. Our balance sheet strength and the magnificent response of our 53,000 colleagues enabled us to maintain vital services for our members and their communities. We must now build our Co-op back better and stronger to meet the challenges and opportunities that lie ahead.”
Despite the adversity, the Co-op’s leadership maintained a tone of defiance and determination. Khoury-Haq stated, “The cyber-attack highlighted many of our strengths. But more importantly, it also highlighted areas we need to focus on—particularly in our food business.” She noted that the company had already begun refining its member and customer propositions and was implementing structural changes aimed at long-term success. The group remains focused on expansion, with plans to open 30 new stores in the second half of 2025, including food outlets and franchise operations. In July, the company launched its first “on the go” store in Solihull, signaling an ambition to challenge established quick-service brands like Greggs and Pret a Manger.
The Co-op was not alone in facing such threats. The attack was part of a wider wave of cyber incidents targeting UK retailers in 2025. Marks & Spencer (M&S) and Harrods were also hit, with M&S estimating a £300 million cost from its own ransomware attack. However, unlike Co-op, M&S expects to recover much of its losses through insurance. The Co-op, by contrast, found its insurance policies insufficient to cover the full scale of the damage, a reality that has put the issue of cyber insurance front and center for British businesses. As Computer Weekly reported, the Co-op was not covered for the full spectrum of cyber-related losses, leaving the company to shoulder much of the financial burden alone.
The UK’s Cyber Monitoring Centre (CMC) identified the Scattered Spider hacking group as the source of both the Co-op and M&S attacks. The CMC estimated the economic damage from these incidents to be between £270 million and £400 million, drawing on public and commercial data sources. Notably, the CMC’s analysis found that daily spend at the Co-op dropped by 11% during the first 30 days after the incident, a dramatic indicator of the attack’s immediate impact on consumer behavior.
Stephen McPartland, author of the McPartland Review into cyber security and a former Minister of State for Security, told Computer Weekly, “The Co-op's staggering losses show that even a multi-billion pound business lacks the requisite defences to withstand the increasingly sophisticated nature of cyber crime. Sadly, many smaller businesses in the Co-op's supply chain simply do not have the cashflow to survive such shocks.” He went on to call for cyber resilience to be treated as a fundamental part of the UK's economic infrastructure, warning that the vulnerabilities exposed by these attacks threaten not only individual companies but also jobs, communities, and Britain’s competitiveness.
In response to the crisis, the Co-op took several notable steps. The company collaborated with the National Cyber Security Centre (NCSC) to contain the incident and launched a partnership with The Hacking Games to address youth disenfranchisement, which Khoury-Haq described as a root cause of many cyber threats. “I’m very proud of how we reacted: we kept trading, prioritized colleagues and vulnerable communities, and launched a partnership with The Hacking Games to tackle youth disenfranchisement—the root of many cyber threats,” she said, as reported by ITPro.
The UK government, meanwhile, has described the run of hacking attempts as a “wake-up call” for the business community, urging continued investment in cybersecurity. The National Crime Agency (NCA) made four arrests in connection with the Co-op, M&S, and Harrods attacks, including two 19-year-old men, a 17-year-old boy, and a 20-year-old woman. Paul Foster, deputy director of the NCA’s National Cyber Crime Unit, remarked, “Since these attacks took place, specialist NCA cyber crime investigators have been working at pace and the investigation remains one of the agency's highest priorities.”
The incident also exposed broader vulnerabilities within the retail sector, particularly its dependence on IT-driven supply chains and just-in-time stock systems. The CMC noted, “The event underscores retail sector vulnerabilities tied to just-in-time stock systems, lack of back-end storage and high dependency on IT-driven order flows. When systems fail, it is challenging to revert to manual processes.” This was painfully clear as the Co-op struggled to maintain services in isolated and rural communities, where it often serves as the only local grocery provider.
Looking forward, the Co-op expects further, though reduced, financial effects from the attack in the second half of 2025. Yet, the company’s leadership remains optimistic. “We must now build our Co-op back better and stronger to meet the challenges and opportunities that lie ahead,” said Debbie White.
The Co-op’s ordeal stands as a stark reminder of the escalating threat posed by cyber crime to even the most established businesses. As companies across the UK and beyond grapple with the implications, the lessons learned from the Co-op’s response—its transparency, resilience, and commitment to community—may well shape the next chapter in the ongoing battle for digital security.
