Cyber-Attack Leads to Significant Financial Losses
The Co-operative Group (Co-op) has reported a substantial financial impact from a sophisticated cyber-attack that occurred in April of this year. The incident resulted in an £80 million hit to the group's operating profits for the first half of its financial year, which concluded on July 5th. This figure includes £20 million in one-off incremental costs and £60 million attributed to lost sales while systems were offline.
In addition to the profit reduction, the Co-op experienced a revenue loss of approximately £206 million during the same period. The attack caused the Co-op to swing to an underlying pre-tax loss of £75 million for the six months, a stark contrast to the £3 million profit recorded in the previous year. The group now anticipates a total hit of £120 million to its full-year profits as a consequence of the cyber-attack.
Operational Disruptions and Data Breach Details
The malicious cyber-attack, attributed to Scattered Spider affiliates and linked to the DragonForce ransomware operation, forced the Co-op to temporarily shut down critical parts of its IT systems to contain the threat. This proactive measure led to widespread operational disruptions across the Co-op's diverse businesses, which include food retail, funeral care, legal services, and insurance.
- Grocery Stores: Shoppers faced noticeable gaps on shelves due to supply chain issues.
- Funeralcare: Services were forced to operate using paper-based systems, lacking access to digital tools.
- Back-office Operations: Disruption extended to back-office and call-center services.
In July, the Co-op confirmed that the personal data of all 6.5 million of its members had been stolen during the incident. The compromised information included members' names, contact details (residential address, email address, and phone number), and dates of birth. However, the Co-op reassured members that no sensitive financial information, such as passwords, bank details, or credit card information, was accessed or compromised.
Response and Ongoing Investigations
Co-op's Chief Financial Officer, Rachel Izzard, stated that the company had 'limited insurance cover' for the incident, primarily for 'front-end elements of cyber insurance' but not for 'back-end losses.' The attackers reportedly gained access through 'social engineering,' and the Co-op responded swiftly to protect its systems.
Law enforcement has made progress in the investigation, with the UK's National Crime Agency (NCA) arresting four suspects—three British and one Latvian—in July. These arrests are linked to a series of cyber-attacks targeting not only the Co-op but also other major UK retailers, including Marks & Spencer and Harrods, which occurred around the same period. The Information Commissioner's Office (ICO) is expected to launch an investigation into the data breach. The Cyber Monitoring Centre (CMC) classified the Co-op and M&S attacks as a Category 2 systemic event, highlighting the significant financial impact on the UK.
5 Comments
Habibi
It's reassuring that sensitive financial data wasn't breached, but the theft of personal details for 6.5 million members is still a serious concern for privacy and potential identity theft.
Ongania
Operational chaos in stores and funeralcare? Unprepared and vulnerable.
Fuerza
Shutting systems down proactively was smart. Contained the damage effectively.
Manolo Noriega
Co-op has been quite open about the incident, which is good for public trust. Still, the significant disruption to essential services like funeralcare and grocery supply raises questions about their resilience planning.
Fuerza
Cybersecurity is incredibly complex and constantly evolving, making it hard for any firm to keep up. However, a social engineering vulnerability suggests there might have been internal process weaknesses that need addressing.