The Co-operative Group in the United Kingdom has revealed the extent of the damage caused by the cyberattack it suffered earlier this year. In its interim financial report for the first half of 2025, the company announced an £80 million (about $107 million) drop in operating profit, attributing the decline directly to the April breach.
According to the report, the losses can be broken down into two areas: around £20 million spent on immediate recovery efforts and another £60 million lost in sales while core systems were out of service. The disruption also drove down overall revenue by £206 million ($277 million). Co-op expects recovery-related expenses to continue, with an additional £20 million likely to be recorded in the second half of 2025.
The Attack and Data Theft
In late April, Co-op had to take parts of its IT network offline after detecting suspicious activity. The incident was later confirmed to be the work of affiliates linked to Scattered Spider, operating in connection with the DragonForce ransomware group. Although the attack was stopped before files could be encrypted, the intruders managed to steal personal details of all 6.5 million members, including both current and past customers.
The U.K.’s National Crime Agency arrested four individuals between the ages of 17 and 20 in July in connection with the breach. The same suspects are also believed to have played a role in cyberattacks against other well-known retailers, including Marks & Spencer and Harrods, during the same period.
Operational Disruptions
The breach created major technical problems that forced Co-op to rebuild its Windows domain controllers, which are critical servers that manage access across its network. With automated systems unavailable, the group had to fall back on manual operations. Staff rerouted more than 350,000 product items to franchise partners and independent co-ops to help minimize the disruption. Discount vouchers were also offered to members during the outage.
Despite these efforts, the group experienced ongoing challenges, including shortages in certain product categories and steep drops in sales of items such as tobacco. The company explained that while the quick response reduced some of the damage, the weeks of system downtime and the loss of customer information took a substantial toll.
Financial Position
Co-op emphasised that despite the losses, its overall financial position remains stable. The group has £800 million in available liquidity, which it says will allow it to continue operating without funding concerns while addressing long-term recovery. Executives stressed that the business remains focused on its broader goals even as it manages the fallout from the attack.
The April incident highlights how cyberattacks can have wide-ranging consequences beyond stolen data, disrupting daily operations, reducing consumer trust, and inflicting heavy financial costs. For Co-op, the road to recovery will continue into the second half of 2025.
