The chief executive of the Co-op said they’re “very proud” of the retailer’s response to a cyber attack earlier this year despite huge financial losses.
In a statement reacting to the company’s recent earnings report, Shrine Khoury-Haq said the company’s “financial strength allowed us to respond as a member-owned organization”.
"I’m very proud of how we reacted: we kept trading, prioritized colleagues and vulnerable communities, and launched a partnership with The Hacking Games to tackle youth disenfranchisement – the root of many cyber threats,” Khoury-Haq said.
Khoury-Haq’s upbeat outlook comes after the retailer reported significant financial losses in the aftermath of the attack.
Co-op revealed the incident cost £206 million in revenue and £80 million in operating profits. Overall, pre-tax profit went from £58 million in the first half of last year to a loss of £50 million in the six months to 5 July this year.
Looking ahead, the company said it expects to see further financial effects from the attack during the second half of this year, although the impact would be lower than during the first half.
"The first half of 2025 brought significant challenges, most notably from a malicious cyber attack," said chairwoman Debbie White.
"Our balance sheet strength and the magnificent response of our 53,000 colleagues enabled us to maintain vital services for our members and their communities. We must now build our Co-op back better and stronger to meet the challenges and opportunities that lie ahead."
The attack in April saw the data of all 6.5 million members stolen, including names and addresses and contact information. Shelves in stores across the UK were left bare, and customers had problems making payments.
The Co-op said it moved quickly to contain the incident, and that it was working with the National Cyber Security Centre (NCSC).
Co-op one of a string of retail victims this year
The attack on the Co-op was just one of several ransomware incidents against British retailers this year, with other victims including Marks and Spencer (M&S) and Harrods.
In May, M&S warned that the cyber attack was set to cost it £300 million in lost profits. However, chief executive Stuart Machin described this as a “one-off” and said it was “not significant” to the business as a whole.
In July, the National Crime Agency (NCA) arrested four people believed to be linked to the Co-op and M&S attacks, along with a similar attack on Harrods.
The two 19-year-old men, a 17-year-old boy, and a 20-year-old woman were arrested in the West Midlands and London.
“Since these attacks took place, specialist NCA cyber crime investigators have been working at pace and the investigation remains one of the agency's highest priorities,” said National Crime Agency (NCA) deputy director Paul Foster, head of the National Cyber Crime Unit.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Task masking: why employees are pretending to be busy at workIn-depth Rising employer expectations and workforce monitoring is driving task masking – but there's more to this performative productivity than laziness
-
AI is boosting personal productivity but slowing down teams – here’s whyNews An Atlassian survey suggests AI is helping worker productivity, but a failure to collaborate means it isn't delivering ROI
