In the wake of a sophisticated cyberattack that has impacted retail operations and customer data security, the CEO of Co-op has addressed the situation, outlining the company's response and apologizing to affected members. The attack, which began in late April 2025, has been described as a "highly complex situation" with "sustained malicious attempts by hackers to access [Co-op's] systems".

The Breach and Its Impact

Co-op has confirmed that hackers were able to access and extract data from one of its systems. The compromised data includes personal information of a "significant number" of both current and past Co-op members, such as names and contact details. The company has stated that passwords, bank or credit card details, transaction data, and information related to members' or customers' products or services were not affected.

Despite these assurances, the breach has caused significant disruption. To contain the attack and prevent further unauthorized access, Co-op took "proactive steps" to shut down some of its systems. This resulted in a "small impact on some of our back office and call center services". However, the disruption extended beyond IT systems, impacting deliveries to stores and causing stock shortages, particularly in rural areas. Some stores experienced issues with accepting card payments, with some only able to accept cash for a period.

Co-op's Response

Co-op has launched a thorough investigation into the cyberattack, working in conjunction with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA). The company has implemented measures to prevent unauthorized access to its systems while minimizing disruption to members, customers, colleagues, and partners.

CEO Shirine Khoury-Haq has personally addressed the situation, issuing an apology to customers and members. "This is obviously extremely distressing for our colleagues and members, and I am very sorry this happened," she stated. She emphasized the importance of data protection and the company's commitment to its obligations to customers and regulators. Khoury-Haq also acknowledged that managing the severity of the attack required shutting down some systems to protect the organization.

Recovery Efforts and Future Security Measures

Co-op has been working to restore its systems in a "safe and controlled manner". The company's stock ordering system is back online and fully operational, and increased stock availability is expected in food stores and online. Deliveries to stores are being increased, with a focus on fresh, chilled, and frozen products. Co-op has also confirmed that all forms of payment are being accepted across its stores.

While Co-op is in the recovery phase, the incident has raised concerns about potential compensation claims and regulatory scrutiny. The Information Commissioner's Office (ICO) is making inquiries with Co-op about the cyberattack and is working closely with the NCSC.

The Wider Context

The cyberattack on Co-op is part of a recent series of attacks targeting UK retailers. Marks & Spencer (M&S) and Harrods have also been affected by cyber incidents. A criminal hacking group known as DragonForce has claimed responsibility for the Co-op attack and is believed to be behind the M&S cyberattack as well. Another hacking collective, Scattered Spider, has also been linked to the attack. These groups are known for using ransomware and other malicious software to disrupt systems and steal data.

The NCSC has warned that cybercriminals are impersonating IT help desks to break into organizations. This highlights the need for increased vigilance and cybersecurity awareness among employees.

The Co-op attack serves as a stark reminder of the growing threat of cybercrime and the importance of robust cybersecurity measures. Retailers are particularly vulnerable due to the large volumes of customer data they handle and the increasing reliance on online payment systems. As the investigation continues, the focus remains on protecting customer data, restoring normal operations, and preventing future attacks.