Co-op: £80m Profit Hit, 6.5 Million Members Exposed
A malicious cyber-attack on the Co-op in April 2025 lost £206m in revenue, hit half-year profits by £80m and exposed data on all 6.5 million members. Here is what happened, and why offline storage matters.

Mark Fermor
Director & Co-Founder, Firevault
In April 2025, the Co-operative Group was forced to shut down parts of its IT systems after discovering an attempted hack. The impact rippled through its 2,000-plus grocery stores and 800-plus funeral parlours: gaps appeared on shelves, and funeral colleagues fell back on paper-based systems while digital services were unavailable.
In September 2025 the group confirmed the financial damage. Revenue lost to the attack is estimated at £206 million, with an £80 million hit to operating profit in the first half of the financial year. The Co-op now expects a £120 million hit to full-year profits, inclusive of any insurance recovery.
What Happened
Robert Elsey, the Co-op's chief digital and information officer, said attackers gained access through social engineering, impersonating a colleague. He described the attack as sophisticated and persistent, with the attackers repeatedly trying to re-enable accounts that Co-op teams were shutting down within minutes.
The group first revealed the scale of the data loss in July: all 6.5 million members had personal information stolen, including names, addresses and contact details. Chief executive Shirine Khoury-Haq told the BBC she was 'incredibly sorry'. No financial information, card details or transaction data were taken.
The Cost, in Numbers
- £206m in lost revenue attributed to the attack.
- £80m hit to first-half operating profit; £120m estimated hit for the full year, inclusive of insurance recovery.
- Revenue down 2.1% to £5.5bn in the six months to 5 July; pre-tax result swung from a £58m profit a year earlier to a £50m loss.
- 6.5 million members had personal data stolen — every member of the mutual.
- Limited insurance cover: front-end response only, with no expected claim on back-end losses, according to CFO Rachel Izzard.
Source: Co-op says 'malicious' cyber-attack has hit profits by £80m — The Guardian
The Common Thread
The Co-op attack came days after the incident at Marks & Spencer, and Harrods was forced to shut down some systems in the same wave. Three national brands, three variations of the same pattern: valid credentials obtained through social engineering, then rapid movement across connected estates that were designed to be reachable at all times by staff and third parties.
The Co-op's own account is instructive: detection worked, and colleagues began shutting down malicious accounts within minutes. The attackers were persistent enough that containment still ran for weeks, with material impact on food replenishment and funeral services.
What Offline Storage Changes
The Co-op incident highlights two categories of data that do not need to live on always-on infrastructure:
- Historical member records. Marketing preferences and lifetime membership history do not need to be one credential away from an attacker. They can sit in offline Storage and be brought online only when specifically required.
- Replenishment and funeral reference data. Master data that changes rarely but underpins day-to-day operations is a prime candidate for immutable, offline copies. When the connected version is compromised, the offline copy becomes the fastest route back to trading and to serving grieving families.
Firevault's approach is not to replace the connected estate. It is to remove the data that does not need to be there from the blast radius entirely.
Lessons for Membership Organisations
- Membership data is not a low-value asset. It is exactly the record set adversaries want, because it enables downstream fraud at scale.
- Segregate historical archives from live operational systems. If a breach can touch 6.5 million records in one motion, that architecture needs revisiting.
- Do not rely on cyber insurance to fill the gap. As the Co-op has publicly acknowledged, back-end losses often sit outside cover.
Conclusion
The Co-op did many things right in its response: fast detection, rapid account shutdown, honest disclosure and a candid update to members. The lesson is architectural, not operational: connected systems will be breached, and the organisations that suffer least are those that have already moved their most sensitive and their most operationally critical data beyond the reach of the network.
See how offline Storage protects large-scale member and operational data, or Vault for board-level records.
Suggested Reading
- What is Offline Secure StorageThe foundation of physical disconnection
- Why Offline Secure StorageThe case for physical control
- Ransomware DefenceHold gold copies offline
- Firevault ControlPhysical path control for IT and OT
- Knowledge VaultAll articles, guides and whitepapers
- Book a DemoSee Firevault in action



