Co-op Company Cyber Security Posture

coop.co.uk

Owned by you. Right by you.

Co-op Company Details

Linkedin ID:

the-co-op-group

Employees number:

19686 employees

Number of followers:

211789

NAICS:

452

Industry Type:

Retail

Homepage:

coop.co.uk

IP Addresses:

Scan still pending

Company ID:

CO-_1787391

Scan Status:

In-progress

Co-op Risk Score (AI oriented)

Between 800 and 900

This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


Co-op Company Scoring based on AI Models

Model Name: AVERAGE-Industry
Date: 03-12-2025
Description: This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers.
Current Score Difference: N/A
Score: Between 800 and 900

Co-op Company Cyber Security News & History

Past Incidents: 3
Attack Types: 2
Entity: Co-operative Group (Co-op)
Type: Cyber Attack
Severity: 85
Impact: 4
Seen: 5/2025
Url ID: THE523050725
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: In late March 2024, the Co-operative Group disclosed that a sophisticated cyber-attack on its network had resulted in the unauthorized exfiltration of customer data from one of its back-office systems. According to an FAQ posted on the retailer’s website, hackers were able to extract names, residential addresses, email addresses, phone numbers and dates of birth belonging to Co-op Group members. Although the attackers did not gain access to more sensitive information such as member passwords, payment card details or transaction histories, the incident nevertheless represents a significant breach of personal data. In response, the Co-op took multiple systems offline and engaged with the UK’s National Cyber Security Centre (NCSC) to contain the incident and begin the recovery process. The breach has prompted the NCSC to issue fresh guidance to the wider retail sector, emphasizing the need for robust multi-factor authentication, vigilant monitoring of privileged accounts, and rapid assimilation of threat intelligence. Senior government figures have described the attack as a "wake-up call" for all organizations to treat cybersecurity as a strategic priority. The Co-op continues to investigate the full scope of the compromise and is notifying affected members while reinforcing its defenses to prevent future intrusions.

Entity: Co-op
Type: Cyber Attack
Severity: 100
Impact: 5
Seen: 6/2025
Url ID: THE301062325
Rankiteo Explanation: Attack threatening the organization's existence

Description: Co-op experienced a cyberattack that resulted in significant financial losses and operational disruptions. The attack led to a reduction in daily spend by 11 percent for the first 30 days. The impact was particularly severe in remote and rural areas where Co-op acts as a sole provider. The financial hit was substantial, with lost sales, incident response, IT restoration, and legal counsel costs contributing to the overall impact. The attack had knock-on effects for suppliers, partners, and service providers.

Entity: Co-op
Type: Ransomware
Severity: 100
Impact: 4
Seen: 7/2025
Url ID: THE411071725
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: UK retailer Co-op experienced a significant cyberattack in April that resulted in the theft of personal data of 6.5 million members, causing food shortages in its grocery stores. The attackers successfully copied and accessed the contact information of all members, although no financial or transaction information was exposed. The breach was particularly harmful to the Co-op's members and employees. The CEO, Shirine Khoury-Haq, confirmed the attack and expressed her regret, emphasizing the personal impact on the affected individuals. The attack involved the DragonForce ransomware, and the breach initially occurred through a social engineering attack that allowed threat actors to reset an employee's password and spread to other devices.


Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=the-co-op-group' -H 'apikey: YOUR_API_KEY_HERE'

Co-op Cyber Security News

2025-05-01T07:00:00.000Z
Inside The Co-op’s Cyber Attack

After an attempted hack at the weekend, staff at the Co-op have been told they cannot access the company's IT systems.

2025-05-14T07:00:00.000Z
UK retailer Co-op restoring systems following major cyberattack

The company confirmed on May 2 that its attackers had gained access to certain member contact data, but no passwords or card information.

2025-05-01T07:00:00.000Z
Everything we know about the Co-op cyber attack so far

The Co-op has shut down parts of its IT system after an attempted cyber attack, just days after M&S battled a cyber incident.

2025-06-06T07:00:00.000Z
High-profile attacks on M&S and Co-op stress importance of cybersecurity

High-profile cyber attacks which crippled M&S and Co-op have been watched closely by the cybersecurity industry.

2025-04-30T07:00:00.000Z
Co-op is latest British retailer to be hit by cyber attack

Britain's Co-op Group (42TE.L) said on Wednesday hackers had attempted to break into its systems, the second high-profile cyber attack on a major UK retailer ...

2025-02-05T08:00:00.000Z
Electric Co-ops Work to Strengthen Cyber Workforce, Tenn. CEO Tells Congress

Electric cooperatives are taking action to attract cyber experts to their rural communities to protect their systems from cyberattacks.

2025-05-05T07:00:00.000Z
Co-op admits data breach in cyberattack after DragonForce claims responsibility


2025-05-07T07:00:00.000Z
Co-op Cyberattack: Hackers Claim Massive Data Breach

A ransomware group calling itself DragonForce contacted the BBC with proof of a large-scale data breach, claiming they had exfiltrated sensitive ...

2025-06-16T07:00:00.000Z
M&S, Co-Op and Harrods got hit by a cyberattack: here's what retailers need to do to stop this

We saw three retail giants, Harrods, Marks & Spencer, and the Co-op, fall victim to cyberattacks, shaking consumer confidence and underlining a hard truth.


Co-op Similar Companies

Pearle Europe

Pearle Europe is a leading optical retail company that started in November 1996 with the acquisition of Pearle Netherlands from the US based Pearle Vision Inc. Since 1996 the Group has entered new European markets almost every year through the acquisition of strong local retail formats. Pearle E

Charlotte-based Belk, Inc., a privately-owned department store, began when William Henry Belk opened his first store in 1888 with his brother, Dr. John Belk, joining as a partner. What started as two brothers in business has now grown into a legacy of selling great products at great prices, treating

Cencosud S.A.

Cencosud S.A. is a Chilean based multi-format retailer with operations in Argentina, Brazil, Chile, Colombia, Peru and a commercial office in China. Through its supermarket, home improvement, department stores, shopping centers and financial services divisions, the Company targets a wide range o

South Hill Designs

South Hill Designs is a lifestyle business for fun-loving people. Two dads, five little girls, and the desire to make a difference... These were the seeds that made South Hill an astonishing success within one year of launching. South Hill is a home party company that offers beautiful personali

John Lewis Partnership

Working in Partnership for a happier world. Our Partnership is an ongoing experiment to find happier, more trusted ways of doing business, for the benefit of us all. We work together to create a successful business and a fairer, more sustainable future for Partners, customers, suppliers and communi

AP Eagers Limited

Eagers Automotive has a long and proud history in Australia operating within the automotive industry that extends for over 100 years. Eagers Automotive has shown resilience and innovation throughout the ever changing automotive landscape while being true to its heritage and has seen the company gro


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Co-op CyberSecurity History Information

How many cyber incidents has Co-op faced?

Total Incidents: According to Rankiteo, Co-op has faced 3 incidents in the past.

What types of cybersecurity incidents have occurred at Co-op?

Incident Types: The types of cybersecurity incidents that have occurred are Cyber Attack and Ransomware.

What was the total financial impact of these incidents on Co-op?

Total Financial Loss: The total financial loss from these incidents is estimated to be $270 million.

How does Co-op detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through law enforcement notification (Yes); containment measures (Shut down several IT systems; Taking multiple systems offline, Engaging with the UK’s National Cyber Security Centre (NCSC)); and communication strategy (Public apology by CEO; Notifying affected members).

Incident Details

Can you provide details on each incident?

Incident : Data Breach, Ransomware

Title: Co-op Cyberattack

Description: UK retailer Co-op has confirmed that personal data of 6.5 million members was stolen in the massive cyberattack in April that shut down systems and caused food shortages in its grocery stores.

Date Detected: 2023-04-22

Type: Data Breach, Ransomware

Attack Vector: Social Engineering, Password Reset

Vulnerability Exploited: Weak password policies

Threat Actor: Scattered Spider

Motivation: Financial, Data Theft

Incident : Cyberattack

Title: Cyberattacks on Major UK Retail Organizations

Description: Britain's Cyber Monitoring Centre (CMC) estimates the total cost of the cyberattacks that crippled major UK retail organizations recently could be in the region of £270-440 million ($362-591 million). The organization – which launched earlier this year and introduced standardized grading of cyberattacks – gave the criminals' digital intrusions of retail outlets across the country high marks, characterizing them as a category 2 systemic event.

Type: Cyberattack

Incident : Data Breach

Title: Co-operative Group Data Breach

Description: A sophisticated cyber-attack on the Co-operative Group's network resulted in the unauthorized exfiltration of customer data from one of its back-office systems. Hackers extracted names, residential addresses, email addresses, phone numbers, and dates of birth of Co-op Group members. No access to member passwords, payment card details, or transaction histories was gained.

Date Publicly Disclosed: March 2024

Type: Data Breach

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Social engineering and password reset.

Impact of the Incidents

What was the impact of each incident?

Incident : Data Breach, Ransomware THE411071725

Data Compromised: Contact information of 6.5 million members

Systems Affected: IT systems, Windows domain

Downtime: Food shortages in grocery stores

Operational Impact: System shutdowns

Brand Reputation Impact: Significant

Identity Theft Risk: High

Payment Information Risk: None

Incident : Cyberattack THE301062325

Financial Loss: £270-440 million ($362-591 million)

Incident : Data Breach THE523050725

Data Compromised: names, residential addresses, email addresses, phone numbers, dates of birth

What is the average financial loss per incident?

Average Financial Loss: The average financial loss per incident is $90.00 million.

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact information, names, residential addresses, email addresses, phone numbers and dates of birth.

Which entities were affected by each incident?

Incident : Data Breach, Ransomware THE411071725

Entity Type: Retailer

Industry: Retail

Location: United Kingdom

Size: Large

Customers Affected: 6.5 million

Incident : Cyberattack THE301062325

Entity Type: Retail

Industry: Retail

Location: UK


Incident : Data Breach THE523050725

Entity Type: Retailer

Industry: Retail

Response to the Incidents

What measures were taken in response to each incident?

Incident : Data Breach, Ransomware THE411071725

Law Enforcement Notified: Yes

Containment Measures: Shut down several IT systems

Communication Strategy: Public apology by CEO

Incident : Data Breach THE523050725

Containment Measures: Taking multiple systems offline, Engaging with the UK’s National Cyber Security Centre (NCSC)

Communication Strategy: Notifying affected members

Data Breach Information

What type of data was compromised in each breach?

Incident : Data Breach, Ransomware THE411071725

Type of Data Compromised: Contact information

Number of Records Exposed: 6.5 million

Sensitivity of Data: High

Data Exfiltration: Yes

File Types Exposed: Windows NTDS.dit file

Personally Identifiable Information: Yes

Incident : Data Breach THE523050725

Type of Data Compromised: names, residential addresses, email addresses, phone numbers, dates of birth

Data Exfiltration: Yes

Personally Identifiable Information: Yes

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following measures: Shut down several IT systems, Taking multiple systems offline and Engaging with the UK’s National Cyber Security Centre (NCSC).

Ransomware Information

Was ransomware involved in any of the incidents?

Incident : Data Breach, Ransomware THE411071725

Ransomware Strain: DragonForce

Data Encryption: Unknown

Data Exfiltration: Yes

Lessons Learned and Recommendations

What recommendations were made to prevent future incidents?

Incident : Data Breach THE523050725

Recommendations: Robust multi-factor authentication, Vigilant monitoring of privileged accounts, Rapid assimilation of threat intelligence

What recommendations has the company implemented to improve cybersecurity?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Robust multi-factor authentication, Vigilant monitoring of privileged accounts, Rapid assimilation of threat intelligence.

References

Where can I find more information about each incident?

Incident : Data Breach, Ransomware THE411071725

Source: BBC Breakfast show

Incident : Data Breach, Ransomware THE411071725

Source: BleepingComputer

Incident : Cyberattack THE301062325

Source: Britain's Cyber Monitoring Centre (CMC)

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: BBC Breakfast show, BleepingComputer, and Britain's Cyber Monitoring Centre (CMC).

Investigation Status

What is the current status of the investigation for each incident?

Incident : Data Breach, Ransomware THE411071725

Investigation Status: Ongoing

Incident : Data Breach THE523050725

Investigation Status: Ongoing

How does the company communicate the status of incident investigations to stakeholders?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public apology by CEO and Notifying affected members.

Initial Access Broker

How did the initial access broker gain entry for each incident?

Incident : Data Breach, Ransomware THE411071725

Entry Point: Social engineering and password reset

High Value Targets: Windows NTDS.dit file

Data Sold on Dark Web: Windows NTDS.dit file

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident?

Incident : Data Breach, Ransomware THE411071725

Root Causes: Weak password policies, Social engineering vulnerabilities

Additional Questions

General Information

Who was the attacking group in the last incident?

Last Attacking Group: The attacking group in the last incident was Scattered Spider.

Incident Details

What was the most recent incident detected?

Most Recent Incident Detected: The most recent incident detected was on 2023-04-22.

What was the most recent incident publicly disclosed?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was in March 2024.

Impact of the Incidents

What was the highest financial loss from an incident?

Highest Financial Loss: The highest financial loss from an incident was £270-440 million ($362-591 million).

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident were Contact information of 6.5 million members, names, residential addresses, email addresses, phone numbers and dates of birth.

What was the most significant system affected in an incident?

Most Significant System Affected: The most significant systems affected in an incident were IT systems, Windows domain.

Response to the Incidents

What containment measures were taken in the most recent incident?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Shut down several IT systems, Taking multiple systems offline and Engaging with the UK’s National Cyber Security Centre (NCSC).

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Contact information of 6.5 million members, names, residential addresses, email addresses, phone numbers and dates of birth.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 6.5M.

Lessons Learned and Recommendations

What was the most significant recommendation implemented to improve cybersecurity?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were Robust multi-factor authentication, Vigilant monitoring of privileged accounts, Rapid assimilation of threat intelligence.

References

What is the most recent source of information about an incident?

Most Recent Source: The most recent sources of information about an incident are BBC Breakfast show, BleepingComputer and Britain's Cyber Monitoring Centre (CMC).

Investigation Status

What is the current status of the most recent investigation?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Initial Access Broker

What was the most recent entry point used by an initial access broker?

Most Recent Entry Point: The most recent entry point used by an initial access broker was Social engineering and password reset.

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.