The UK’s National Crime Agency (NCA) has arrested four people believed to be linked to the cyber attacks on Marks and Spencer (M&S), Co-op, and Harrods.
In a statement, the crime agency said two 19-year-old men, a 17-year-old boy, and a 20-year-old woman were arrested at locations in the West Midlands and London on suspicion of offences committed under the Computer Misuse Act, as well as blackmail, money laundering, and involvement in organized crime.
The NCA said the suspects remain in custody for questioning by officers from its National Cyber Crime Unit.
Electronic devices belonging to the suspects have been seized as part of the operation and are awaiting digital forensic analysis, the agency confirmed.
Commenting on the arrests, deputy director Paul Foster, head of the NCA’s National Cyber Crime Unit, said the arrests mark a “significant step in the investigation into the attacks which rocked UK retailers earlier this year.
“Since these attacks took place, specialist NCA cyber crime investigators have been working at pace and the investigation remains one of the agency's highest priorities,” he said.
"Cyber attacks can be hugely disruptive for businesses and I'd like to thank M&S, Co-op and Harrods for their support to our investigations,” Foster added.
“Hopefully this signals to future victims the importance of seeking support and engaging with law enforcement as part of the reporting process. The NCA and policing are here to help."
UK retailers shaken by disruptive attacks
The alleged offenses took place in April 2025, when all three retailers were hit by cyber attacks. The impacts on the businesses and their customers have been quite different, however.
The experience of M&S, which was the first to report suffering an incident, has been particularly drawn out. In the immediate wake of the incident, the retailer was forced to pause online orders and click and collect services for customers across the UK.
M&S resumed orders in early June, six weeks after the attack. The cost of recovery is expected to range in the hundreds of millions for the company.
The alleged attack on M&S was followed quickly by disruption at Co-op, which left customers across the UK facing empty shelves. Those living in parts of the Scottish Highlands and Islands were particularly badly affected as these were often the only food retailers in the area.
Harrods, the third alleged target, only experienced minor disruption for a limited time, however.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Microsoft could be preparing for a crackdown on remote workNews The tech giant is the latest to implement stricter policies around hybrid working without requiring a full five days in the office
-
JetBrains CEO on how developers must transform with AIInterview There may still be a place for strong developer progression in the age of AI, if workers can adapt to rapid changes
-
US federal judiciary agency hit by 'escalated cyber attacks' which exposed highly sensitive dataNews The agency says it plans to step up cybersecurity capabilities in the wake of the incident
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
Millions of Dell laptops are are at risk thanks to a Broadcom chip vulnerability – and more than 100 device models are impactedNews Widely used in high-security environments, the PCs are vulnerable to attacks allowing the theft of sensitive data
-
Cybersecurity teams are wasting time, money, and effort dealing with tool sprawl and ‘multi-vendor ecosystems’News Tool sprawl is a problem that just won't go away for security teams
-
AI breaches aren’t just a scare story any more – they’re happening in real lifeNews IBM research shows proper AI access controls are leading to costly data leaks
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
Bitdefender targets security gaps with new Cybersecurity Advisory ServicesNews The security vendor has launched a range of new services that include advisory retainers and strategic security guidance
-
‘Polyworking’ is a cybersecurity nightmare waiting to happenNews Particularly popular with Gen Z, so-called polyworking brings huge cybersecurity risks
