Supermarket chain Co-op has said that a significant cyber attack in April 2025 had a £285 million impact on its revenue, alongside a £107 million impact to profitability.
The company said in a trading update ahead of its full-year results and annual report that responding to the cyber attack was the most challenging phase of the financial year, as the cyber attack and resulting shutdown of the company’s systems dealt an estimated £285 million blow to revenue.
Had the cyber attack not occurred, the company believes its revenue shortfall would have been limited to just 0.3% compared to 2024. In 2025, the company earned a revenue of just over £1.1bn, about £250 million less than its revenue in the previous year.
Similarly, the cyber attack caused a direct impact of £86 million to the company’s profitability, dragging a profit of £45 million in 2024 to a loss of £126 million in 2025. Changing health-related consumer behaviour and increasing regulatory costs also contributed to the net loss in the financial year, the company said.
“2025 was a challenging year, but those challenges have helped us reshape Co-op for the future,” said Co-op chair Debbie White. “Despite a cyber attack and tough market conditions, our colleagues have shown incredible resilience, keeping communities served and essential services running.”
The latest announcement follows a similar announcement from the company in October in which it said that the cyber attack in April caused a £206 million reduction in sales, which translated into an £80 million hit to its earnings. This earnings impact included around £20 million in one-off, non-underlying costs.
The cyber attack involved a hacking group called “DragonForce” infiltrating Co-op’s network and exfiltrating vast amounts of information stored in its systems. Shirine Khoury-Haq, the company’s CEO, said the cyber attack affected all 6.5 million of its members. The compromised data included personal information of current and past Co-op Group members, such as names and contact details.
The cyber attack forced Co-op to take portions of its internal network offline to protect its systems. The company’s IT team worked diligently to contain the threat, monitor hacker activity, and gradually bring systems back online safely, with the delay significantly affecting the company’s financial performance.
Co-op was among a glut of household names hit by cyeberattackers last year, with the likes of Jaguar Land Rover, Harrods and Marks and Spencers also hit.
