Arrests made in hunt for hackers behind cyber attacks on M&S and Co-op
The suspects remain in custody for questioning by officers from the NCA's National Cyber Crime Unit


The UK’s National Crime Agency (NCA) has arrested four people believed to be linked to the cyber attacks on Marks and Spencer (M&S), Co-op, and Harrods.
In a statement, the crime agency said two 19-year-old men, a 17-year-old boy, and a 20-year-old woman were arrested at locations in the West Midlands and London on suspicion of offences committed under the Computer Misuse Act, as well as blackmail, money laundering, and involvement in organized crime.
The NCA said the suspects remain in custody for questioning by officers from its National Cyber Crime Unit.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
Electronic devices belonging to the suspects have been seized as part of the operation and are awaiting digital forensic analysis, the agency confirmed.
Commenting on the arrests, deputy director Paul Foster, head of the NCA’s National Cyber Crime Unit, said the arrests mark a “significant step in the investigation into the attacks which rocked UK retailers earlier this year.
“Since these attacks took place, specialist NCA cyber crime investigators have been working at pace and the investigation remains one of the agency's highest priorities,” he said.
"Cyber attacks can be hugely disruptive for businesses and I'd like to thank M&S, Co-op and Harrods for their support to our investigations,” Foster added.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“Hopefully this signals to future victims the importance of seeking support and engaging with law enforcement as part of the reporting process. The NCA and policing are here to help."
UK retailers shaken by disruptive attacks
The alleged offenses took place in April 2025, when all three retailers were hit by cyber attacks. The impacts on the businesses and their customers have been quite different, however.
The experience of M&S, which was the first to report suffering an incident, has been particularly drawn out. In the immediate wake of the incident, the retailer was forced to pause online orders and click and collect services for customers across the UK.
M&S resumed orders in early June, six weeks after the attack. The cost of recovery is expected to range in the hundreds of millions for the company.
The alleged attack on M&S was followed quickly by disruption at Co-op, which left customers across the UK facing empty shelves. Those living in parts of the Scottish Highlands and Islands were particularly badly affected as these were often the only food retailers in the area.
Harrods, the third alleged target, only experienced minor disruption for a limited time, however.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.
-
Cyber pros say the buck stops with the board when it comes to security failings
News Fines, sanctions, and even prosecution are all on the table when it comes to cyber failings, practitioners believe
-
Does the US AI Action Plan add up and how will it change the global AI landscape?
Long read Businesses should expect to feel benefits in the short term, especially AI developers with potential to land government contracts – but experts warn of risks on the horizon
-
Cyber pros say the buck stops with the board when it comes to security failings
News Fines, sanctions, and even prosecution are all on the table when it comes to cyber failings, practitioners believe
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malware
News Researchers say the tool is already achieving the “gold standard” in malware classification
-
Employee distraction is now your biggest cybersecurity risk
News Workplace distraction is the top reason organizations fall victim to cyber attacks, according to new research.
-
Apple just released an emergency patch for a zero-day exploited in the wild – here’s why you need to update now
News Apple is warning millions of users of iPhones, iPads and Macs to update their software to protect against an out-of-bounds write vulnerability
-
Cyber teams are struggling to keep up with a torrent of security alerts
News Fragmented identity security processes are creating blind spots, and the proliferation of tools doesn't help
-
The Allianz Life data breach just took a huge turn for the worse
News Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
US authorities just took down 'one of the most powerful DDoS botnets to ever exist’ with help from AWS
News The Rapper Bot botnet was responsible for a series of large-scale DDoS attacks on government agencies and tech companies. Now it's gone.
-
UK telecoms firm takes systems offline after cyber attack
News The Warlock ransomware group said it was selling a million stolen documents