Co-op Says it Lost $107 Million After Scattered Spider Attack

The Co-operative Group in the U.K. has released its interim financial results report for the first half of 2025, revealing a massive loss in operating profit of £80 million ($107 million) due to the cyberattack it suffered last April. The attack, attributed to Scattered Spider affiliates, had a devastating impact on the group's operations, causing disruptions to back-office and call-center services.

The cybersecurity incident resulted in significant losses for Co-op, with an estimated £206 million ($277 million) lost in revenue due to systems being offline. Additionally, the group incurred one-off incremental costs of £20 million and experienced a reduction in sales of £60 million. The total impact is expected to continue throughout the year, with another £20 million in losses forecast for the second half.

The Attack: A Global Cybercrime Operation

In late April 2025, Co-op detected hacking attacks on its IT systems, which were later linked to the DragonForce ransomware operation. The attack was attributed to Scattered Spider affiliates and resulted in the theft of personal data from a large number of current and past members, including names and contact details.

The attackers also managed to steal sensitive information from Co-op's Windows domain controllers, forcing the group to rebuild its systems and extend system unavailability. The incident was further complicated by the involvement of other groups, with U.K.'s National Crime Agency arresting four young suspects (ages 17–20) linked to the Co-op cyberattack, as well as those at Marks & Spencer and Harrods that occurred around the same period.

The Response: A Prompt and Effective Effort

Co-op's response to the attack was prompt and effective, preventing the attempted encryption of its systems. The group introduced manual processes temporarily to mitigate the impact of the attack, rerouting 350,000 items to support independent co-ops and franchise partners.

Discount coupons were also offered to members to help offset the disruptions caused by the attack. Despite these efforts, Co-op continued to face limited volume problems, experienced severe stock allocation issues, and a collapse in sales for some categories, such as tobacco.

A Stronger Focus on Cybersecurity

Despite the significant financial impact of the cyberattack, Co-op's liquidity remained strong, with £800 million available to "navigate external pressures while maintaining focus on long-term ambitions." The CFO underlined that no funding concerns arose from the cyber-incident.

This incident highlights the importance of cybersecurity for organizations of all sizes. As ransomware and other types of cyberattacks continue to evolve and become more sophisticated, it is essential for businesses to prioritize their security measures and invest in effective threat detection and prevention strategies.