Cyberattack on British retailer Co-op shaved about $275 million from revenues, company says

The Co-op retail chain took a £206 million (about $274 million) hit to its revenues due to a cyberattack in April that led to empty store shelves and the theft of customer data.

The attack was one of several high-profile incidents in the spring affecting U.K. businesses, including the retail giant Marks & Spencer (M&S). Four people, including one teenage minor, were arrested in July in connection to the hacks on Co-op, M&S and Harrods. The hackers are reportedly believed to have ties to the Scattered Spider group — a loose-knit collection of young cybercriminals. 

In an earnings report filed on Thursday, Co-op said its food business was hit hardest by the incident, “with availability reduced as systems were proactively taken offline.” In-store supplies were noticeably impacted weeks after the incident was detected, with CEO Shirine Khoury-Haq telling customers that staff were “working day and night to protect our systems and get our operations back on track.” 

“Stores continued to trade but were impacted by stock availability, competitor activity to take market share, and the temporary loss of key trading systems and promotional offers,” the company said in its earnings report. 

Co-op was reportedly able to avoid having its systems locked down by ransomware by disconnecting its networks. Nonetheless, all of its 6.5 million members had data stolen in the incident. 

It said total profit loss caused by the cyberattack in the first half of the year was £80 million ($106.7 million).