The Co-op has revealed that a malicious cyberattack earlier this year impacted its business, resulting in an £80 million hit to its operating profit. The cyberattack on Co-op forced the retailer to take emergency measures that disrupted both its grocery and funeral services,
In April, the company detected an attempted hack that led to the shutdown of critical parts of its IT systems. This disruption caused notable operational challenges, including noticeable gaps on supermarket shelves and the temporary use of paper-based systems at its funeral parlours, where digital services were unavailable.
Cyberattack on Co-op: Operational Disruptions and Financial Fallout
The consequences of the attack were severe: the Co-op estimates the disruption led to a revenue loss of approximately £206 million in the first half of its financial year.
The financial impact of the Co-op data breach has been clear. For the six months ending 5 July, the group reported a drop in revenue by 2.1% to £5.5 billion. This decline, combined with the cyberattack’s costs, turned what was a pre-tax profit of £58 million in the first half of the previous year into a £50 million loss.
Leadership Response and Co-op Data Breach Details
Shirine Khoury-Haq, Co-op’s chief executive, acknowledged the severity of the cyberattack on Co-op but also emphasized the lessons learned. “The cyber-attack highlighted many of our strengths. But more importantly, it also highlighted areas we need to focus on – particularly in our food business,” she stated.
Khoury-Haq added that the company had already begun refining its member and customer propositions and was implementing structural changes aimed at setting the Co-op up for long-term success.
Although the attack occurred in April, the extent of the Co-op data breach was revealed in July, when the company confirmed that personal data belonging to all 6.5 million of its members had been stolen.
The compromised information included names, addresses, and contact details. Khoury-Haq apologized publicly for the incident and reassured customers that no financial information, such as credit or debit card details, was accessed during the cyberattack, reported The Guardian.
Wider Retail Cybersecurity Challenges and Future Plans
This cyberattack on Co-op was part of a wider wave of similar incidents hitting UK retailers earlier this year. Just days prior, Marks & Spencer disclosed a costly cyber incident that compromised the personal data of thousands of customers, including names, addresses, birth dates, and order histories. Meanwhile, luxury department store Harrods also had to temporarily suspend certain systems following its own cyberattack earlier in 2025.
Headquartered in Manchester and employing around 54,000 people, the Co-op has indicated it is gradually managing a “reducing level of cyber impact.” Despite these setbacks, the group remains focused on expansion plans and intends to open 30 new stores in the second half of the financial year, including food outlets and franchise operations.
In July, as part of its strategic evolution, the Co-op launched its first “on the go” store in Solihull near Birmingham. This move signals the company’s ambition to compete with established takeaway and quick-service brands such as Greggs, Pret a Manger, and Subway.
