Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Co-op

Co-op Vendor Cyber Rating & Cyber Score

coop.co.uk

Owned by you. Right by you.


Co-op A.I CyberSecurity Scoring

Co-op
Company Information
Website:http://www.coop.co.uk
Employees number:21,188
Number of followers:237,038
NAICS:43
Industry Type:Retail
Homepage:coop.co.uk
Co-op Risk Score (AI oriented)
Between 0 and 549
logo
Co-opRetail
Updated:
18/06/2026
100/1000
Critical
C
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Co-op Global Score (TPRM)
xxxx
logo
Co-opRetail
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Co-op
Co-opCritical
Current Score
100C (CRITICAL)
01000
16 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
100Before Incident
JUNE 2026
100Before Incident
MAY 2026
100Before Incident
APRIL 2026
100Before Incident
MARCH 2026
100Before Incident
FEBRUARY 2026
100Before Incident
JANUARY 2026
100Before Incident
DECEMBER 2025
100Before Incident
Cyber Attack
29 Dec 2025Co-op
Adidas, Heathrow Airport, Harrods, Marks and Spencer, Co-op Group and Jaguar Land Rover: How 2025 Became The Year Of The Cyberattack For British Businesses

100After Incident
CRITICAL0
ADIHEAHARMARTHEJAG1767017696
2025: A Year of Rising Costs—and Escalating Cyber Threats for UK Businesses As 2025 draws to a close, UK businesses and charities have faced a surge in financial pressures—from soaring employment costs and supply chain disruptions to oil and tariff shocks. Yet, one of the most damaging expenses has been the fallout from cyberattacks, which have hit nearly half of British companies and 30% of charities over the past year. High-profile victims include retail giants Marks & Spencer, Adidas, and the Co-op Group, as well as Heathrow Airport, Harrods, and Jaguar Land Rover (JLR). The public sector hasn’t been spared either: Germany’s parliament and the UK Foreign Office (breached in October) were among those targeted. Attacks ranged from phishing scams to full-scale digital shutdowns, with some incidents costing hundreds of millions. The scale of cybercrime has reached staggering proportions. Cybersecurity Ventures estimates the global cost of cyberattacks in 2025 at $10.5 trillion (£7.8 trillion)—a figure that would rank cybercrime as the world’s third-largest economy, trailing only the US and China. The financial and operational toll underscores the growing threat to organizations across sectors.
INCIDENT DETAILS -
TYPE
phishingdata breachdigital shutdownransomware
IMPACT
Financial Loss: hundreds of millions of poundsOperational Impact: digital shutdown
NOVEMBER 2025
100Before Incident
OCTOBER 2025
100Before Incident
Ransomware
17 Oct 2025Co-op
Co-op

100After Incident
CRITICAL0
THE4262142101725
Co-op, a major UK-based retail and financial services cooperative, fell victim to a ransomware attack by the DragonForce group, resulting in substantial financial costs, prolonged operational disruption, and intense public scrutiny. The attack exposed critical vulnerabilities in their cybersecurity posture, particularly their lack of dedicated cyber insurance coverage for ransomware, exacerbating recovery challenges. The incident led to extended system downtime, hampering business continuity and eroding customer trust. While the exact financial losses were not fully disclosed, the reputational damage was significant, with media coverage amplifying the fallout. The attack underscored the risks of underestimating cyber threats, especially for organizations without robust incident response frameworks or financial safeguards like cyber insurance. The prolonged recovery period further strained resources, highlighting the interconnected financial, operational, and reputational consequences of modern ransomware attacks on large enterprises.
INCIDENT DETAILS -
TYPE
ransomwaredata breachoperational disruption
MOTIVATION
financial gaindata exfiltrationoperational disruption
IMPACT
£300 million (Marks & Spencer profit loss)substantial costs (Co-op)regulatory fines up to €20M or 4% global turnover (GDPR)prolonged (Co-op, Marks & Spencer)business interruptionprolonged recovery£300 million (Marks & Spencer)long-lasting reputational damageloss of customer confidencepublic scrutinyGDPR finesregulatory penalties
SEPTEMBER 2025
100Before Incident
Cyber Attack
25 Sep 2025Co-op
Co-op Group: Britain's Co-op warns of $161 million profit hit from cyberattack

Co-op Group Cyberattack Resulting in £120 Million Profit Hit

100After Incident
CRITICAL0
THE1770266348
Co-op Group Warns of £120 Million Profit Hit After Sophisticated Cyberattack The UK’s Co-op Group, a 181-year-old member-owned cooperative operating in food retail, funeral services, legal, and insurance sectors, disclosed a significant financial impact from a "sophisticated" cyberattack in April. The breach, which exploited social engineering tactics specifically, attackers impersonating a colleague to gain account access forced the company to temporarily shut down multiple systems to contain the threat. The incident disrupted operations, including food availability in stores, and contributed to a first-half underlying loss before tax of £75 million, compared to a £3 million profit in the same period last year. Revenue also declined by 2.1% to £5.5 billion. The Co-op estimates the full-year profit impact at £120 million, with limited insurance coverage expected to offset only a portion of the losses. While the company had cyber insurance for immediate response measures, it does not anticipate claiming for broader financial damages. The attack’s fallout included a £206 million revenue hit and an £80 million profit reduction in the first half, with an additional £40 million allocated in the second half to strengthen cyber defenses. The Co-op plans to open 30 new stores despite ongoing cost pressures and market volatility. The breach reflects a growing trend of aggressive cyberattacks targeting British organizations, with recent victims including the British Library and London Underground. The Co-op’s response highlights the financial and operational risks of such incidents, even for companies with preparedness measures in place.
INCIDENT DETAILS -
TYPE
Cyberattack
IMPACT
Financial Loss: £120 million estimated full-year profit impactSystems Affected: Multiple systems shut downOperational Impact: Disrupted operations, including food availability in storesRevenue Loss: £206 million revenue hit in the first half
SEPTEMBER 2025
100Before Incident
Ransomware
02 Sep 2025Co-op
Marks & Spencer

DragonForce Ransomware Cartel Emerges from Conti’s Leaked Source Code

100After Incident
CRITICAL0
MAR1193411110425
Marks & Spencer (M&S), a prominent UK retailer, fell victim to a coordinated ransomware attack linked to the DragonForce cartel and its affiliate Scattered Spider. The incident involved the deployment of DragonForce-built ransomware, leveraging Conti’s leaked source code with advanced encryption (ChaCha20 + RSA) and network-spreading capabilities via SMB. The attack targeted both local and shared network storage, with operators threatening to delete decryptors and leak stolen data if ransom demands were unmet by deadlines (September 2 and 22).The breach disrupted M&S’s operations, risking customer data exposure, financial fraud, and reputational damage due to media coverage. DragonForce’s cartel model—recruiting affiliates like Devman and Scattered Spider—amplified the attack’s sophistication, combining initial access tactics with aggressive data exfiltration. While the full scope of compromised data (e.g., payment details, personal records) remains undisclosed, the incident aligns with DragonForce’s pattern of high-impact extortion, including threats to publish sensitive information. The attack underscores the escalating risks posed by ransomware-as-a-service (RaaS) ecosystems, where collaborative cybercriminal groups exploit enterprise vulnerabilities for maximal disruption and profit.
INCIDENT DETAILS -
TYPE
ransomwarecartel-style cybercrime operationaffiliate-based attack
MOTIVATION
financial gaindominance in ransomware ecosystemrecruitment of affiliatesdisruption of rival groups
IMPACT
local storagenetwork shares via SMBencryption of filespotential data leaks (threatened for September 2 and 22)disruption of rival ransomware operations (e.g., BlackLock, Ransomhub)potential reputational damage to affected entities (e.g., Marks & Spencer)undermining trust in rival ransomware groups
DATA BREACH
threatened (e.g., leaks scheduled for September 2 and 22)ChaCha20 + RSA per-file encryption10-byte metadata block (encodes mode, percentage, size)supports full (0x24), partial (0x25), and header-only (0x26) modes
AUGUST 2025
111Before Incident
JUNE 2025
100Before Incident
Cyber Attack
16 Jun 2025Co-op
Co-op

Proton Data Breach Observatory Findings: 71% of 2025 Breaches Target Small Businesses

100After Incident
CRITICAL0
THE4993049103025
In 2025, Co-op, a major UK retail chain, fell victim to a high-profile cyberattack that resulted in significant financial and reputational damage. The breach exposed customer data, including email addresses, names, phone numbers, and—critically—passwords in nearly half of the incidents. The attack reportedly cost the company around £300 million in recovery efforts, disrupting operations and eroding customer trust. The compromised records heightened risks of identity theft, with criminals potentially exploiting stolen credentials for fraudulent activities like unauthorized loans or credit card applications. The incident underscored the vulnerability of retail sectors, which accounted for 25% of all breaches in 2025, with small and mid-sized businesses being prime targets. Co-op’s breach aligns with broader trends where attackers prioritize personally identifiable information (PII), with 100% of exposures involving email addresses and 34% including sensitive data like health or government records. The financial strain and operational disruptions positioned this as a severe threat to the organization’s stability, particularly given the scale of data compromised and the direct impact on customers.
INCIDENT DETAILS -
TYPE
Data BreachCyberattack
MOTIVATION
Financial GainData Theft
IMPACT
Financial Loss: £300 million (estimated for UK retailers like Coop and M&S)Data Compromised: 300+ million individual records (800 verified breaches); hundreds of billions including compilationsBrand Reputation Impact: High (especially for UK retailers)Identity Theft Risk: High (primary danger; used for fraudulent loans/credit cards)
DATA BREACH
Personally Identifiable Information (PII)Email addresses (100% of breaches)Names (90%)Phone numbers (72%)Passwords (49%)Health records (34%)Government records (34%)Number Of Records Exposed: 300+ million (verified breaches); hundreds of billions (including compilations)Low (emails/names)Medium (phone numbers)High (passwords/health/gov records)Data Exfiltration: Yes (dark web sales implied)Personally Identifiable Information: Yes (dominant in all breaches)
JUNE 2025
251Before Incident
Ransomware
01 Jun 2025Co-op
Harrods, Marks & Spencer, Co-Op and British Horseracing Authority: British Horseracing Authority hit by ransomware

British Horseracing Authority (BHA) Ransomware Attack

100After Incident
CRITICAL-151
HARMARTHEBRI1769526687
UK Organizations Face Rising Ransomware Threats as Cyberattacks Intensify The British Horseracing Authority (BHA) became the latest UK organization to suffer a ransomware attack in early June 2025, compromising multiple servers within its IT infrastructure. While core racing operations and general administration remained unaffected, the incident forced some IT staff to work remotely as authorities worked to contain the breach. The responsible ransomware group has not been identified, with details kept confidential for security reasons. The attack is part of a broader surge in cyber threats targeting Western entities, particularly in the UK. Recent victims include retail giants Marks & Spencer, which fell to the DragonForce ransomware and took five weeks to recover, as well as Co-Op and Harrods, both hit in the past two months. Cybercriminals are increasingly drawn to Western organizations due to two key factors: financial incentives businesses in these regions are more likely to pay ransoms to avoid operational collapse and perceived security gaps, where weak defenses make breaches easier and more profitable. Ransomware tactics have also grown more aggressive. Beyond encrypting data, attackers now employ double extortion, stealing sensitive information before locking systems and threatening to leak it on the dark web if demands aren’t met. In rare cases, they escalate to triple extortion, targeting victims’ customers and partners to inflict reputational damage. As cyber threats evolve in sophistication, the long-term impact on businesses and public institutions remains a pressing concern. The BHA incident underscores the escalating risks faced by organizations across sectors, with no clear resolution in sight.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain, exploitation of perceived security gaps
IMPACT
Systems Affected: Multiple servers within IT infrastructureOperational Impact: IT staff worked remotely during containment
MAY 2025
283Before Incident
Cyber Attack
21 May 2025Co-op
Harrods, Marks & Spencer and Co-op: M&S cyber-attack disruption to last until July and cost £300m

Marks & Spencer Prolonged Online Disruption Following Easter Cyber-Attack

247After Incident
HIGH-36
HARTHEMAR1781750033
Marks & Spencer Faces Prolonged Online Disruption Following Easter Cyber-Attack Marks & Spencer (M&S) has revealed that its online services will remain disrupted until July after a sophisticated cyber-attack last month. The retailer, which has struggled with online ordering for nearly a month, expects a gradual return to normal operations over the coming weeks. The attack, which occurred over the Easter weekend, initially disrupted click-and-collect and contactless payment systems. By the following week, M&S had to suspend online ordering entirely, displaying an apology banner on its website. CEO Stuart Machin described the incident as a "highly sophisticated and targeted" breach, with financial analysts estimating a £300 million hit to annual profits equivalent to a third of the company’s earnings. While insurance may cover part of the loss, the impact remains significant. Authorities are investigating Scattered Spider, a notorious English-speaking hacking group linked to previous attacks on the Co-op and Harrods. M&S appears to have suffered the most severe consequences among the targeted retailers. Despite the setback, Machin assured stakeholders that the company would emerge stronger, framing the incident as a temporary obstacle in its broader restructuring efforts.
INCIDENT DETAILS -
TYPE
Cyber-Attack
IMPACT
Financial Loss: £300 milliononline orderingclick-and-collectcontactless payment systemsDowntime: 3 monthsOperational Impact: Suspension of online ordering, disruption of click-and-collect and contactless payments
MAY 2025
299Before Incident
Cyber Attack
20 May 2025Co-op
Tesco, Sainsbury’s, Waitrose, Asda, Peter Green Chilled, Morrisons, Marks & Spencer, Co-op and Aldi: Supplier to Tesco, Aldi and other supermarkets hit with ransomware

UK Food Logistics Firm Hit by Ransomware, Disrupting Major Supermarket Supply Chains

246After Incident
CRITICAL-53
MARCALWAISAITOYTHEMORPET-TE1772023906
UK Food Logistics Firm Hit by Ransomware, Disrupting Major Supermarket Supply Chains A ransomware attack on Peter Green Chilled, a key logistics provider for major UK supermarkets, has disrupted order processing for retailers including Tesco, Sainsbury’s, Asda, Waitrose, Co-op, Morrisons, M&S, and Aldi. The incident, which occurred last Wednesday, forced the Somerset-based company to suspend order handling on Thursday, though transport operations remained unaffected. Managing Director Tom Binks confirmed the attack in an email, stating that the firm was implementing workarounds to maintain deliveries while providing regular updates to clients. While existing schedules have largely held, concerns persist among suppliers of perishable goods over potential waste due to delays. This attack follows a recent surge in ransomware incidents targeting the UK retail sector, with Marks & Spencer, Co-op, and Harrods all experiencing disruptions in recent weeks. Phil Pluck, CEO of the Cold Chain Federation, noted a sharp rise in such attacks on food distribution networks, often unreported due to reputational risks. The cold chain sector’s tight timelines and high-volume perishable goods make it a lucrative target for cybercriminals. Security experts warn that supply chain vulnerabilities amplify the impact of such breaches. Richard Orange of Abnormal AI highlighted the risk of follow-on attacks, including vendor email compromise, where attackers impersonate suppliers to steal credentials or redirect payments. Meanwhile, Andy Norton of Armis reported that 41% of retailers have faced increased cyber threats in the past six months, with no signs of slowing. Peter Green Chilled has not yet provided further comment on the incident. A previous reference to Lidl as a client was retracted after the supermarket confirmed it no longer uses the firm’s services.
INCIDENT DETAILS -
TYPE
ransomware
MOTIVATION
financial gain
IMPACT
Systems Affected: order processing systemsDowntime: order handling suspended on ThursdayOperational Impact: disrupted order processing for major UK supermarketsBrand Reputation Impact: potential reputational risk due to unreported incidents in the sector
APRIL 2025
435Before Incident
Ransomware
01 Apr 2025Co-op
Co-op

Global Ransomware Attack Trends in April 2024: Akira and Scattered Spider Dominate, Retail and Industrial Sectors Targeted

279After Incident
CRITICAL-156
THE2462024091125
The UK-based Co-op, a major retail chain, fell victim to a ransomware attack in April, orchestrated by the Scattered Spider group. The incident disrupted critical operations, particularly targeting payment systems, causing widespread chaos in transactions and customer service. While the exact extent of data compromise remains undisclosed, the attack likely exposed customer data—a high-value asset on black markets—heightening risks of fraud and reputational damage. The public nature of the breach, amplified by Scattered Spider’s deliberate publicity, intensified pressure on Co-op to respond swiftly, possibly coercing a ransom payment. The attack underscored the retail sector’s vulnerability, where operational disruptions and data theft create compounded financial and trust-related losses. Given Co-op’s prominence, the incident also attracted media scrutiny, further exacerbating reputational harm. The broader trend of weaponised PDFs and AI-driven phishing suggests attackers exploited advanced tactics, potentially leveraging zero-day flaws to bypass defenses. The attack aligns with a pattern of ransomware groups prioritizing high-profile targets to maximize impact and payouts, even amid a reported decline in overall ransomware volumes.
INCIDENT DETAILS -
TYPE
ransomwarephishingsocial engineeringzero-day exploitation
MOTIVATION
financial gaindata exfiltration for black market salesbrand reputation damagegeopolitical leveragecyber espionage
IMPACT
customer payment datapersonally identifiable information (PII)corporate intellectual propertypayment processing systemsretail POS terminalsindustrial control systems (ICS)supply chain management platformsdisruption of retail operationssupply chain delaystemporary closure of storesloss of customer trustincreased due to payment system outagesdata breach notificationssevere for high-profile retailers (e.g., Co-op, M&S, Harrods)long-term erosion of consumer trusthigh due to PII exposurecredit/debit card detailstransaction histories
DATA BREACH
PIIpayment card datacorporate emailssupply chain dataSensitivity Of Data: highlikely for black market salesby ransomware groups (e.g., Akira, Qilin)PDFsdatabasesfinancial recordsnamesaddressespayment details
JANUARY 2025
708Before Incident
Breach
01 Jan 2025Co-op
Co-op and KNP Logistics: Weak password allowed hackers to sink a 158-year-old company

KNP Logistics Collapse Due to Ransomware Attack Linked to Weak Password

434After Incident
CRITICAL-274
KNITHE1772267209
158-Year-Old UK Transport Firm Collapses After Ransomware Attack Linked to Single Weak Password A ransomware attack, allegedly enabled by a single compromised employee password, has led to the collapse of KNP Logistics, a 158-year-old transport company based in Northamptonshire. The breach encrypted critical data and paralyzed internal systems, forcing the firm into administration and leaving 700 employees without jobs. The incident mirrors a growing trend of cyberattacks targeting UK businesses, with high-profile victims including M&S, Co-op, and Harrods in recent months. Last week, Co-op confirmed that 6.5 million members had their personal data stolen in a separate breach. KNP director Paul Abbott revealed that the attack likely stemmed from hackers guessing an employee’s password, though he has not disclosed the lapse to the individual involved. Meanwhile, Richard Horne, CEO of the National Cyber Security Centre (NCSC), emphasized the need for stronger cybersecurity measures as ransomware gangs continue to escalate their operations. The NCSC has been actively tracking and countering these threats, with recent efforts highlighted in exclusive access granted to investigative teams.
INCIDENT DETAILS -
TYPE
Ransomware
IMPACT
Data Compromised: Critical data encryptedSystems Affected: Internal systems paralyzedOperational Impact: Firm forced into administration
DATA BREACH
Type Of Data Compromised: Critical business dataData Encryption: Yes
Ransomware
01 Jan 2025Co-op
Co-operative Group, Ingram Micro, Salesforce, Jaguar Land Rover, Oracle, Synnovis and DaVita: Top 10 Ransomware Attacks Over The Past Year

Ransomware in 2025: A Systemic Threat Disrupting Global Supply Chains and Critical Services

434After Incident
CRITICAL-274
THEINGSALJAGORASYNDAV1769095448
Ransomware in 2025: A Systemic Threat Disrupting Global Supply Chains and Critical Services In 2025, ransomware evolved from isolated IT disruptions into a systemic risk, threatening national supply chains, essential services, and entire industries. Cybersecurity Ventures projects the global cost of ransomware will surge to $275 billion annually by 2031, driven by downtime, data loss, recovery efforts, and lost productivity not just ransom payments. A recent SOCRadar analysis highlighted the top 10 ransomware attacks of 2025, each exposing vulnerabilities across sectors: 1. Salesforce Ecosystem – A SaaS supply chain blind spot exploited for widespread disruption. 2. Oracle E-Business Suite – A zero-day attack leveraging supply chain extortion. 3. Jaguar Land Rover – Britain’s costliest cyberattack, crippling automotive operations. 4. Ingram Micro – A ransomware strike paralyzing global IT distribution. 5. Co-operative Group – A sustained siege on the UK retail sector. 6. PowerSchool – Large-scale extortion targeting the education sector. 7. Synnovis – Healthcare disruption with confirmed patient harm. 8. DaVita – Ransomware striking critical healthcare infrastructure. 9. Asahi Group – Manufacturing halts exposing IT-OT convergence risks. 10. Collins Aerospace – Ransomware grounding European airports. Key patterns emerged across these incidents: - Initial access frequently relied on stolen credentials or social engineering rather than sophisticated exploits. - Supply chain vulnerabilities amplified impact, turning single breaches into cascading failures. - Data theft and operational paralysis often outweighed encryption as the primary damage driver. - Delayed consequences such as regulatory penalties or confirmed human harm surfaced months after the attacks. The incidents underscore ransomware’s growing role as a strategic threat, with far-reaching consequences beyond financial losses.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gainExtortionOperational disruption
IMPACT
Financial Loss: $275 billion annually by 2031 (projected global cost)SaaS platformsIT distribution networksHealthcare infrastructureManufacturing OT systemsAviation systemsCrippling automotive operationsParalyzing global IT distributionHealthcare disruption with confirmed patient harmManufacturing haltsGrounding of European airports
AUGUST 2024
722Before Incident
Cyber Attack
29 Aug 2024Co-op
Co-op, Jaguar Land Rover and Marks & Spencer: Millions had data stolen in 2024 London transport hack: BBC

Massive Cyberattack on Transport for London Exposes Data of 10 Million Customers

699After Incident
CRITICAL-23
THELONJAG1772814307
Massive Cyberattack on Transport for London Exposes Data of 10 Million Customers In one of the largest data breaches in British history, Transport for London (TfL) confirmed that a cyberattack in late 2024 compromised the personal data of approximately 10 million customers. The breach, which occurred between August 29 and September 6, was discovered on September 1, prompting TfL to notify over 7 million customers via email in September those for whom email addresses were available in the exposed dataset. While the attack did not disrupt London’s transport networks, it caused three months of online service outages, resulting in financial losses estimated in the tens of millions of pounds. The stolen data included customer names and contact details, with a smaller subset around 5,000 individuals having bank account information potentially accessed. Investigators linked the attack to Scattered Spider, a notorious cybercriminal collective. Two British teenagers, previously charged in connection with the breach, are set to stand trial in June 2025. The incident reflects a broader surge in cyberattacks targeting UK organizations, with recent victims including Marks & Spencer, the Co-op, and Jaguar Land Rover.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Financial Loss: Tens of millions of poundsData Compromised: Personal data (names, contact details, bank account information for 5,000 individuals)Systems Affected: Online servicesDowntime: Three monthsOperational Impact: Online service outagesIdentity Theft Risk: High (for 5,000 individuals with bank account information exposed)Payment Information Risk: High (for 5,000 individuals with bank account information exposed)
DATA BREACH
NamesContact detailsBank account informationNumber Of Records Exposed: 10 million (5,000 with bank account information)Sensitivity Of Data: High (for 5,000 individuals with bank account information)Personally Identifiable Information: Yes
JUNE 2024
734Before Incident
Cyber Attack
16 Jun 2024Co-op
Co-op Group

Co-op Group Cyber Attack Leading to £80m Profit Loss

717After Incident
CRITICAL-17
THE3433134092525
The Co-op Group, a Manchester-based organization, suffered a severe cyber attack in April 2025, resulting in an £80 million hit to its half-year profits (to July 5, 2025), with an additional projected £40 million loss in the second half of the financial year. The attack disrupted IT systems, causing supply chain failures that led to empty shelves in stores for two weeks. Revenues dropped by 2.1% to £5.484 billion, and a pre-tax profit of £58 million in 2024 turned into a £50 million pre-tax loss in 2025, including the £80 million cyber attack cost. The incident wiped £206 million off revenues, though the company maintained liquidity of £800 million and secured a £350 million lending agreement to stabilize finances. The attack coincided with similar incidents at M&S and Jaguar Land Rover, highlighting the escalating threat of cyber disruptions to critical business operations. Leadership emphasized resilience but acknowledged the need for structural improvements, particularly in the Food business, to mitigate future risks.
INCIDENT DETAILS -
TYPE
Cyber AttackSupply Chain DisruptionFinancial Impact
IMPACT
Immediate Loss: £80m (first half of 2025)Projected Additional Loss: £40m (second half of 2025)Revenue Reduction: £206m (directly attributed to the hack)Pre Tax Loss: £50m (2025, vs. £58m profit in 2024)IT Systems (partial shutdown)Supply Chain SystemsDowntime: 2 weeks (recovery phase entered after this period)Empty shelves in storesSupply chain disruptionsProduction delays (indirectly mentioned via Jaguar Land Rover comparison)Revenue Loss: 2.1% (£5.484bn vs. prior period)Potential long-term trust erosionHighlighted resilience in public statements
MARCH 2024
745Before Incident
Cyber Attack
01 Mar 2024Co-op
Co-operative Group (Co-op)

Co-operative Group Data Breach

728After Incident
CRITICAL-17
THE523050725
In late March 2024, the Co-operative Group disclosed that a sophisticated cyber-attack on its network had resulted in the unauthorized exfiltration of customer data from one of its back-office systems. According to an FAQ posted on the retailer’s website, hackers were able to extract names, residential addresses, email addresses, phone numbers and dates of birth belonging to Co-op Group members. Although the attackers did not gain access to more sensitive information such as member passwords, payment card details or transaction histories, the incident nevertheless represents a significant breach of personal data. In response, the Co-op took multiple systems offline and engaged with the UK’s National Cyber Security Centre (NCSC) to contain the incident and begin the recovery process. The breach has prompted the NCSC to issue fresh guidance to the wider retail sector, emphasizing the need for robust multi-factor authentication, vigilant monitoring of privileged accounts, and rapid assimilation of threat intelligence. Senior government figures have described the attack as a "wake-up call" for all organizations to treat cybersecurity as a strategic priority. The Co-op continues to investigate the full scope of the compromise and is notifying affected members while reinforcing its defenses to prevent future intrusions.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesresidential addressesemail addressesphone numbersdates of birth
DATA BREACH
namesresidential addressesemail addressesphone numbersdates of birthData Exfiltration: YesPersonally Identifiable Information: Yes
JUNE 2023
773Before Incident
Cyber Attack
16 Jun 2023Co-op
Co-op

Co-op Cyber Attack (April 2023)

734After Incident
CRITICAL-39
THE1892618092525
The Co-op, a UK-based food-to-funerals group, suffered a sophisticated, multi-stage cyber attack in April, initiated via social engineering (impersonating an employee). Though the attack was contained within minutes, its fallout caused £200M in lost sales (6 months to July), with projections reaching £300M by next year and a £120M annual profit hit. Systems remained disrupted, leading to ongoing operational challenges. The attackers attempted ransomware deployment (4,000 attempts/minute over hours), but malware was blocked. The incident exposed underinsurance gaps, with unrecoverable losses. The Co-op’s H1 2023 results plummeted from a £3M profit to a £75M loss, compounded by higher employee costs. Leadership cited youth disenfranchisement as a root cause of cyber threats and partnered with The Hacking Games for mitigation.
INCIDENT DETAILS -
TYPE
Cyber AttackSocial EngineeringRansomware AttemptMalware Infection
MOTIVATION
Financial Gain (Ransomware Attempt)Potential Data Theft/Disruption
IMPACT
Financial Loss: £120 million (annual profit hit); £300 million (potential sales loss)Operational Systems (Partial Downtime)Sales SystemsDowntime: Ongoing (some systems not fully restored as of July 2023)Operational Impact: Disrupted trading, prioritization of vulnerable communities, 4,000 attack attempts per minute during peakRevenue Loss: £200 million (first six months); £300 million (potential total)Brand Reputation Impact: Moderate (public disclosure of attack and financial losses)
JUNE 2021
798Before Incident
Cyber Attack
16 Jun 2021Co-op
The Co-operative Group

Co-operative Group Cyber Attack (April 2025)

761After Incident
CRITICAL-37
THE1692016092625
The Co-operative Group (Co-op) suffered a malicious cyber attack in April 2025, resulting in a £80m ($107m) hit to its H1 2025 operating profits, including £20m in one-off costs. The attack caused payment disruptions across retail systems, leading to £206m in lost sales revenue and widespread product shortages. Critical operations, including funeral homes, reverted to paper-based processes, while stores faced empty shelves. The breach compromised personal data of all 6.5 million member customers, exacerbating financial and reputational damage. The incident contributed to a £75m pre-tax loss (vs. a £3m profit in H1 2024), with full-year profit impact projected at £120m. Limited insurance recovery was expected, as coverage applied only to immediate response costs, not long-term losses. The attack exposed vulnerabilities in Co-op’s IT infrastructure, particularly in its Food business, prompting structural reforms. Group revenue declined 2.1% YoY (£5.6bn → £5.4bn), though net debt reduced significantly from £1bn (2021) to £43m. Leadership acknowledged the attack’s severe operational and financial consequences, emphasizing ongoing efforts to mitigate future cyber risks.
INCIDENT DETAILS -
TYPE
cyber attackdata breachoperational disruption
IMPACT
Operating Profit Impact: £80m (H1 2025)One Off Costs: £20mFull Year Profit Impact: £120mPre Tax Loss: £75m (H1 2025, vs £3m profit in H1 2024)Insurance Recovery: limitedCustomers Affected: 6.5 million (member customers)personally identifiable information (PII)IT systems (retailer)payment systemsinventory management systemsfuneral home operations (reverted to paper-based)payment disruptionswidespread product shortagesempty shelves in storesfuneral homes reverted to paper-based operationsSales Revenue Impact: £206mGroup Revenue Decline: 2.1% (from £5.6bn in H1 2024 to £5.4bn in H1 2025)Brand Reputation Impact: significant challenges noted by Co-op chair Debbie White; incident described as 'malicious'Identity Theft Risk: high (due to theft of personal data from 6.5 million customers)
DATA BREACH
personally identifiable information (PII)Number Of Records Exposed: 6.5 million (member customers)Sensitivity Of Data: highData Exfiltration: yes (theft of personal data)Personally Identifiable Information: yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Co-op ?
?
What was Co-op's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Co-op's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Co-op's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Co-op's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Co-op's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Co-op's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Co-op's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Co-op's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Co-op's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Co-op's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Co-op's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Co-op's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Co-op ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Co-op's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?