Empty Shelves, Empty Coffers: Co-op Pegs Cyber Hit at £80m

The Co-operative Group, a leading retailer and member-owned organization, has revealed that a devastating cyberattack has left it reeling with an £80 million financial hangover. The breach, which occurred in April, forced the company to shut down parts of its IT systems, resulting in a significant loss of revenue and profits.

The attack, which targeted the Co-op's online platforms, led to empty shelves, disrupted supply chains, and chaotic back-office operations. In an effort to lure customers back, the retailer offered discounts of up to £10 off a £40 shop. Despite these efforts, the company has reported an underlying operating loss of £32 million, a sharp swing from the £47 million profit it recorded in the previous year.

The losses are attributed to the £206 million in lost revenue suffered by the Co-op as a result of the breach. This includes a one-off payment of £20 million, which the company has yet to explain. The attackers, believed to be associated with Scattered Spider, a loose-knit crew of hackers blamed for high-profile breaches, used social engineering tricks to gain entry into corporate networks.

The cyberattack exposed the personal details of all 6.5 million Co-op members, including names and contact information. However, it's reported that no payment card or transaction data was compromised. The company's chief executive, Shirine Khoury-Haq, has defended the group's response to the breach, citing its financial strength as a key factor in weathering the storm.

"When we experienced a significant cyber attack, that financial strength allowed us to respond as a member-owned organization," she said. "I'm very proud of how we reacted: we kept trading, prioritized colleagues and vulnerable communities, and launched a partnership with The Hacking Games to tackle youth disenfranchisement – the root of many cyber threats."

Law enforcement has moved quickly in response to the Co-op attack, arresting four suspects accused of involvement in the breach. The UK's National Crime Agency has taken a significant interest in the case, and investigations by regulators are ongoing.

The breach has triggered concerns about data protection and cybersecurity, with the Information Commissioner's Office expected to probe how so much personal data was exposed. While the Co-op expects to see a "reducing level of cyber impact" in the second half of the year, management has cautioned that cost pressures, volatile markets, and stiff competition will continue to pose challenges.

As the Co-op looks to rebuild and recover from this devastating cyberattack, it remains to be seen how the company will address these ongoing issues. One thing is certain: the retail industry must take a closer look at its cybersecurity measures to prevent such breaches in the future.