Close Menu
Cybercrime and Ransomware

Co-op Loses $107 Million After Cyberattack

Staff WriterBy No Comments4 Mins Read0 Views

Fast Facts

  1. The Co-operative Group reported an £80 million operating profit loss in the first half of 2025, mainly due to a cyberattack that caused £206 million in revenue loss and additional costs.
  2. The cyberattack, linked to the DragonForce ransomware and Scattered Spider affiliates, led to data theft of 6.5 million members and significant system disruptions, including offline systems affecting stock and sales.
  3. The group’s response included manual operations and support for franchise partners, but experienced ongoing stock and sales issues, particularly in categories like tobacco.
  4. Despite financial impacts, Co-op maintained strong liquidity at £800 million and reported no funding concerns, with an expectation of additional £20 million losses in the second half of 2025.

The Core Issue

In the first half of 2025, The Co-operative Group, a major UK-based member-owned retail and services cooperative, reported a staggering operating loss of £80 million, primarily due to the aftermath of a cyberattack that struck in April. This attack, attributed to hacking groups associated with the DragonForce ransomware operation and linked to Scattered Spider affiliates, compromised the personal data of all 6.5 million members and disrupted the company’s IT systems, leading to significant financial and operational setbacks. The breach forced Co-op to temporarily shut down parts of its IT infrastructure, rebuild key systems, and manage extensive system unavailability, which directly impacted sales, stock availability, and customer trust. This incident not only caused immediate financial damage—estimated at £20 million in extra costs and £60 million in lost sales—but also resulted in an overall revenue reduction of £206 million. The company responded swiftly by implementing manual operations, rerouting stock, and offering discounts, but the disruptions endured into the second half of the year, with an anticipated additional £20 million loss. Reported by Co-op’s internal investigation and corroborated by the UK’s National Crime Agency, which arrested four suspects aged 17 to 20, the attack underscores the growing threat from cybercriminals targeting large organizations, particularly those with vast customer data, highlighting both the vulnerability and resilience challenges faced by companies in the digital age.

Critical Concerns

The Co-operative Group’s 2025 half-year financial report vividly illustrates the profound and multifaceted impact of a severe cyberattack that resulted in an operating loss of £80 million ($107 million). The breach, attributed to the DragonForce ransomware linked to Scattered Spider affiliates, compromised personal data of 6.5 million members and forced the shutdown of critical IT systems, leading to immediate operational disruptions, stock and sales decline—culminating in a £206 million revenue loss—and significant logistical and systemic reconstitution costs. Despite swift containment efforts that thwarted encryption attempts, the attack inflicted substantial financial damage, including £20 million in one-off costs and £60 million in lost sales, with projections of an additional £20 million in losses for the latter half of the year, as recovery persists. The incident underscores the escalating cybersecurity risks, evidenced by nearly double the previous year’s password breach rate, and highlights how such breaches can precipitate extensive data exfiltration, operational chaos, financial strains, and reputational harm across interconnected industries. Nevertheless, Co-op maintained a strong liquidity position with £800 million, demonstrating resilience amidst ongoing recovery challenges.

Fix & Mitigation

In the aftermath of the Co-op’s staggering $107 million loss due to the Scattered Spider attack, swift and strategic remediation becomes critical to restore financial stability, protect sensitive information, and rebuild stakeholder trust.

Assessment & Investigation
Conduct a thorough forensic investigation to understand the breach, its scope, and vulnerabilities exploited.

Containment & Eradication
Isolate affected systems to prevent further damage and eliminate malicious artifacts from the network.

Communication & Transparency
Promptly notify stakeholders, employees, and regulators, providing honest updates to maintain trust.

Patch & Strengthen
Apply security patches, update antivirus, and reinforce defenses against similar future attacks.

Recovery & Restoration
Restore data from backups, verify system integrity, and ensure normal operations resume securely.

Monitoring & Preventative
Implement continuous security monitoring and threat detection tools to identify anomalies early.

Training & Awareness
Educate staff on cyber threat recognition and safe practices to reduce human error vulnerabilities.

Stay Ahead in Cybersecurity

Stay informed on the latest Threat Intelligence and Cyberattacks.

Explore engineering-led approaches to digital security at IEEE Cybersecurity.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.