The Co-op cyberattack: Shelves bare and hundreds of millions of pounds lost

Empty shelves. Millions in lost revenue. Customer data stolen. The recent cyberattack on the Co-operative Group (or Co-op), one of the UK's most beloved retail chains, demonstrates that no organization is immune to cyber threats.

Acronis Cyber Protect and Acronis Cyber Protect Cloud offer natively integrated backup and cybersecurity capabilities that deliver comprehensive protection to businesses and their MSP partners. In an era where cyberattacks can strike without warning, having robust cyber resilience isn't optional. It's essential for survival.

The Co-op cyberattack began in April 2025 and quickly evolved from a concerning security incident into a full-blown business crisis. By the time the dust settled, the attack had cost the retail giant a staggering $275 million (£206 million) in lost revenue. The food business took the hardest hit, with stock shortages lasting weeks and customers facing empty shelves across the country.

The cybercrime group known as "DragonForce" claimed responsibility for the attack. What made this incident particularly sophisticated was the attackers' use of social engineering. They posed as legitimate IT personnel to infiltrate Co-op's systems. Once inside, they moved quickly to compromise critical infrastructure.

Co-op's response was swift. The company disconnected networks to prevent ransomware lockdown, a decision that likely prevented even more catastrophic damage. However, this defensive action couldn't stop the data breach that had already occurred. Personal information belonging to 6.5 million current and past members was stolen, including names, contact details, residential addresses, email addresses, phone numbers and dates of birth.

As devastating as the Co-op attack was, it could have been significantly worse. The attackers did not gain access to members' passwords, bank details or credit card information. No transaction data or information about members' products or services was compromised.

This is a crucial reminder that while data breaches are serious, the extent of damage can vary dramatically based on an organization's security posture and incident response capabilities. Co-op's decision to quickly disconnect networks, though disruptive to operations, prevented the attackers from deploying ransomware that could have locked down systems for weeks or months.

Still, the impact was severe. Stock shortages plagued stores for weeks. Customers couldn't find the products they needed. The company's reputation took a hit. And 6.5 million people had their personal information exposed, creating potential risks for phishing attacks and identity theft.

The financial toll of $275 million in lost revenue tells only part of the story. There were almost assuredly costs associated with incident response, forensic investigation, system restoration, customer communications and enhanced security measures implemented in the wake of the attack. The true cost likely extends well beyond the reported revenue loss.

The Co-op incident serves as a stark reminder that cyberattacks don't discriminate. Whether you're a multinational retailer, a small manufacturer, a healthcare provider or a professional services firm, you're a potential target.

Modern businesses face an expanding attack surface. Cloud services, remote work arrangements, supply chain connections and Internet of Things (IoT) devices all create potential entry points for attackers. Legacy systems running outdated software present additional vulnerabilities. And perhaps most concerning, social engineering attacks like the one used against Co-op target the human element — employees — which can be the weakest link in your security chain.

The interconnected nature of modern business means that an attack on one organization can have cascading effects throughout entire ecosystems. Suppliers, partners and customers can feel the impact when a major player is compromised. This was evident in the Jaguar Land Rover attack, where production stoppages rippled through the automotive supply chain, and it's equally true in retail, healthcare, finance and every other sector.

The threat landscape is constantly evolving. Ransomware groups are becoming more brazen, demanding larger ransoms and threatening to release stolen data if payments aren't made. Advanced persistent threat (APT) groups backed by nation-states are conducting sophisticated campaigns for espionage and disruption. And cybercrime-as-a-service platforms are making it easier than ever for even low-skill attackers to launch devastating attacks.

The Co-op cyberattack is the latest in a series of high-profile attacks targeting the retail sector. The same DragonForce group also claimed responsibility for attacks on Marks & Spencer and attempted to compromise Harrods. This pattern demonstrates that retail organizations are prime targets for cybercriminals.

Why retail? Several factors make the sector attractive to attackers:

• Rich data environments: Retailers hold valuable customer information, including payment details, personal identities and shopping behaviors.
• Complex supply chains: Multiple integration points with suppliers, logistics providers and payment processors create additional attack surfaces.
• 24/7 operations: Retailers can't afford extended downtime, making them more likely to pay ransoms.
• Diverse technical environments: Mix of legacy point-of-sale systems and modern cloud platforms creates inconsistent security postures.
• Seasonal vulnerabilities: High-traffic periods like holidays create urgency that attackers can exploit.

For retailers, the consequences of cyberattacks extend beyond immediate financial losses. Empty shelves erode customer trust. Data breaches damage brand reputation. Regulatory investigations and potential fines add to costs. Competitive disadvantage emerges as customers turn to rival brands that maintained operations.

Managed service providers (MSPs) have a responsibility to protect clients from cyberthreats. However, MSPs face unique challenges: They need to protect dozens or hundreds of clients with varying technical environments, limited budgets and different risk profiles. This is where Acronis Cyber Protect Cloud becomes invaluable.

Acronis Cyber Protect Cloud is the industry's only solution that unites cybersecurity, data protection and endpoint management in one natively integrated platform, with one agent and a single management console for all components. This integration is transformative for MSPs because it dramatically reduces complexity while increasing protection effectiveness.

Instead of managing multiple disparate security solutions, MSPs can deliver comprehensive protection through a single platform. This consolidation reduces the time and resources required to provide client protection, enabling MSPs to serve more clients without proportionally increasing overhead.

The unified approach also creates natural upsell and cross-sell opportunities. When backup, cybersecurity, and management capabilities are all part of the same solution, it's easier to demonstrate value and expand service offerings to existing clients.

While MSPs serve as crucial partners for many organizations, businesses of all sizes need robust, natively integrated cyber protection. Acronis Cyber Protect delivers enterprise-grade security and data protection, also in a natively integrated platform that addresses the full spectrum of modern cyber threats with a single point of control.

As is the case with Acronis Cyber Protect Cloud, the key differentiator of Acronis Cyber Protect is its native integration. Rather than simply packaging separate security and backup tools together, Acronis has built cybersecurity and data protection capabilities into a single, cohesive platform. This integration means:

• Backup data is automatically scanned for malware before restoration, preventing reinfection.
• Anti-malware protection works in concert with backup to detect and respond to threats in real-time.
• Vulnerability assessments inform both security hardening and recovery planning,
• A single agent reduces system overhead compared to running multiple security tools.

The Co-op cyberattack should serve as a wake-up call for every organization. Cyber resilience is not just about protecting data. It's about ensuring business continuity, protecting customer trust and maintaining competitive advantage in an increasingly hostile digital landscape.

Acronis Cyber Protect Cloud empowers MSPs to deliver enterprise-grade protection to clients of all sizes, while Acronis Cyber Protect gives businesses direct access to the same natively integrated cybersecurity capabilities that can make the difference between a business-threatening catastrophe and a minor incident that’s easily resolved.