Co-op says it lost $107 million after Scattered Spider attack
The Co-operative Group in the U.K. released its interim financial results report for the first half of 2025 with a massive loss in operating profit of £80 million ($107 million) due to the cyberattack it suffered last April.
The impact is analyzed into two categories, namely £20 million in one-off incremental costs and £60 million from lost sales while systems were offline.
The cybersecurity incident also caused a reduction in revenue of £206 million ($277 million). Co-op states that it expects another £20 million in losses for the second half of the year, as recovery will continue.
Co-op is a large UK member-owned co-operative group active in food retail, life services, and business-to-business services. It operates 2,300 food retail stores and 59 franchise stores.
In late April 2025, the group shut down parts of its IT systems after detecting hacking attacks, causing limited disruption to back-office and call-center services.
A couple of days later, Co-op confirmed that it had been targeted by hackers linked to the DragonForce ransomware operation, who managed to steal personal data of a large number of current and past members, including names and contact details.
The attack, attributed to Scattered Spider affiliates, forced Co-op to rebuild its Windows domain controllers and further extend system unavailability.
On July 10th, U.K.’s National Crime Agency arrested four young suspects (ages 17–20) linked to the Co-op cyberattack, as well as those at Marks & Spencer and Harrods that occurred around the same period.
On July 16th, Co-op published new details on its internal investigation, informing that hackers stole the personal data of all 6.5 million members during the April cyberattack.
Although Co-op’s response to the attack was prompt and prevented the attempted encryption, the group suffered a significant financial impact.
Source: Co-op
Information shared in the interim document describes the response in detail, explaining that certain systems that were taken offline disrupted trading and stock availability in food retail.
Manual processes were introduced temporarily, 350,000 items were rerouted to support independent co-ops and franchise partners, and discount coupons were offered to members.
Still, the group continued to face limited volume problems, experienced severe stock allocation issues, and a collapse in sales for some categories, such as tobacco.
Despite the disruption and the expected ongoing effects, liquidity remained strong, with £800 million being available to “navigate external pressures while maintaining focus on long-term ambitions.”
The CFO underlined that no funding concerns arose from the cyber-incident.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Source link