Co-op boss steps down as cost of last year’s attack nears £3 million

Published: 26 March 2026
co-op-attack
Image by Getty Images/Mike Kemp.

Co-op’s CEO, Shirine Khoury-Haq, has resigned amid escalating costs from last year’s cyberattack on the UK retailer.

Announcing the move on Thursday, the convenience store operator also raised its estimate of the cost of the April 2021 cyberattack.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Google News Follow us
ADVERTISEMENT

During the attack, Co-op was forced to shut down its systems to limit the breach's impact, leading to severe disruption and empty shelves across its 2,300 UK stores.

While the attackers were never confirmed, ransomware gang DragonForce claimed responsibility for the breach, with evidence suggesting they provided the ransomware-as-a-service to the attackers.

However, law enforcers at the National Crime Agency (NCA) focused their investigation on Scattered Spider, an English-speaking group that may have used DragonForce tools, or on the possibility that the two groups were linked or overlapping.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites

Regardless of who was responsible, the retailer says now that the total cost of the attack is higher than expected, estimating a £285 million hit to revenue, up from previous guidance of £206 million.

The group estimated that the attack reduced profits by £107 million, compared with an estimate of £80 million in September, while also disclosing £21 million of “additional, non-recurring costs.”

UK firms face millions of pounds in losses from cyberattacks

Co-op said in a statement that Khoury-Haq would step down on March 29th.

ADVERTISEMENT

Kate Allum, a member-nominated Director on the Co-op Group Board, will take over as interim CEO while the company searches for a successor.

In a statement issued on Thursday announcing Khoury-Haq’s departure, the Co-op said that since the cyberattack, it had developed a multiyear strategy to recover and then begin an “ambitious phase of growth.”

“This will require long-term leadership exceeding the tenure that Shirine intended at Co-op,” it added

Last year, it was reported that a cybersecurity incident at carmaker Jaguar Land Rover resulted in a total loss of approximately £1.9 billion and affected over 5,000 UK businesses.

A group calling itself “Scattered Lapsus$ Hunters” claimed responsibility for the attack, although JLR never publicly named a specific group.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT