The UK’s National Crime Agency (NCA) has arrested four people believed to be linked to the cyber attacks on Marks and Spencer (M&S), Co-op, and Harrods.
In a statement, the crime agency said two 19-year-old men, a 17-year-old boy, and a 20-year-old woman were arrested at locations in the West Midlands and London on suspicion of offences committed under the Computer Misuse Act, as well as blackmail, money laundering, and involvement in organized crime.
The NCA said the suspects remain in custody for questioning by officers from its National Cyber Crime Unit.
Electronic devices belonging to the suspects have been seized as part of the operation and are awaiting digital forensic analysis, the agency confirmed.
Commenting on the arrests, deputy director Paul Foster, head of the NCA’s National Cyber Crime Unit, said the arrests mark a “significant step in the investigation into the attacks which rocked UK retailers earlier this year.
“Since these attacks took place, specialist NCA cyber crime investigators have been working at pace and the investigation remains one of the agency's highest priorities,” he said.
"Cyber attacks can be hugely disruptive for businesses and I'd like to thank M&S, Co-op and Harrods for their support to our investigations,” Foster added.
“Hopefully this signals to future victims the importance of seeking support and engaging with law enforcement as part of the reporting process. The NCA and policing are here to help."
UK retailers shaken by disruptive attacks
The alleged offenses took place in April 2025, when all three retailers were hit by cyber attacks. The impacts on the businesses and their customers have been quite different, however.
The experience of M&S, which was the first to report suffering an incident, has been particularly drawn out. In the immediate wake of the incident, the retailer was forced to pause online orders and click and collect services for customers across the UK.
M&S resumed orders in early June, six weeks after the attack. The cost of recovery is expected to range in the hundreds of millions for the company.
The alleged attack on M&S was followed quickly by disruption at Co-op, which left customers across the UK facing empty shelves. Those living in parts of the Scottish Highlands and Islands were particularly badly affected as these were often the only food retailers in the area.
Harrods, the third alleged target, only experienced minor disruption for a limited time, however.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Cyber pros say the buck stops with the board when it comes to security failingsNews Fines, sanctions, and even prosecution are all on the table when it comes to cyber failings, practitioners believe
-
Does the US AI Action Plan add up and how will it change the global AI landscape?Long read Businesses should expect to feel benefits in the short term, especially AI developers with potential to land government contracts – but experts warn of risks on the horizon
-
Cyber pros say the buck stops with the board when it comes to security failings
News Fines, sanctions, and even prosecution are all on the table when it comes to cyber failings, practitioners believe
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
Employee distraction is now your biggest cybersecurity riskNews Workplace distraction is the top reason organizations fall victim to cyber attacks, according to new research.
-
Apple just released an emergency patch for a zero-day exploited in the wild – here’s why you need to update nowNews Apple is warning millions of users of iPhones, iPads and Macs to update their software to protect against an out-of-bounds write vulnerability
-
Cyber teams are struggling to keep up with a torrent of security alertsNews Fragmented identity security processes are creating blind spots, and the proliferation of tools doesn't help
-
The Allianz Life data breach just took a huge turn for the worseNews Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
US authorities just took down 'one of the most powerful DDoS botnets to ever exist’ with help from AWSNews The Rapper Bot botnet was responsible for a series of large-scale DDoS attacks on government agencies and tech companies. Now it's gone.
-
UK telecoms firm takes systems offline after cyber attackNews The Warlock ransomware group said it was selling a million stolen documents
