Co-op says 2025 cyber attack dealt a £285m impact to annual revenue

British supermarket chain Co-op said a significant cyber attack in April 2025 had a telling impact on its finances with a £285 million impact on revenue and a £107 million impact to profitability.

 

The company said in a trading update ahead of its full-year results and annual report that responding to the cyber attack was the most challenging phase of the financial year, as the cyber attack and the resulting shutdown of the company’s systems dealt an estimated £285 million direct impact on its revenue.

 

Had the cyber attack not occurred, the company believes its revenue shortfall would have been limited to just 0.3% compared to 2024. In 2025, the company earned a revenue of £11,025 million, £254 million less than its revenue in the previous year.

 

Similarly, the cyber attack caused a direct impact of £86 million to the company’s profitability, dragging a profit of £45 million in 2024 to a loss of £126 million in 2025. Changing health-related consumer behaviour and increasing regulatory costs also contributed to the net loss in the financial year.

 

“2025 was a challenging year, but those challenges have helped us reshape Co-op for the future,” said Co=op chair Debbie White. “Despite a cyber attack and tough market conditions, our colleagues have shown incredible resilience, keeping communities served and essential services running.”

 

The latest announcement follows a similar announcement from the company in October in which it said that the cyber attack in April caused a £206 million reduction in sales, which translated into an £80 million hit to its earnings. This earnings impact included around £20 million in one-off, non-underlying costs.

 

The cyber attack involved a hacking group called “DragonForce” infiltrating Co-op’s network and exfiltrating vast amounts of information stored in its systems. Shirine Khoury-Haq, the company’s CEO, said the cyber attack affected all 6.5 million of its members. The compromised data included personal information of current and past Co-op Group members, such as names and contact details. 

 

The cyber attack forced Co-op to take portions of its internal network offline proactively to protect its systems. The company’s IT team worked diligently to contain the threat, monitor hacker activity, and gradually bring systems back online safely, and the delay had a telling impact on the company’s financial performance.