In a significant breakthrough against cybercrime, the National Crime Agency (NCA) in the UK has announced the arrest of four individuals suspected of involvement in recent high-profile cyberattacks that severely impacted major retailers Marks & Spencer, Co-op, and Harrods. The arrests, made across the West Midlands, London, and Staffordshire, represent a crucial step in the ongoing investigation into these disruptive and costly incidents.
The four suspects, identified as two 19-year-old men, a 17-year-old man, and a 20-year-old woman, were apprehended on suspicion of Computer Misuse Act offenses, blackmail, money laundering, and participation in an organized crime group. Electronic devices were seized from their homes for forensic analysis, and they remain in custody for questioning.
The attacks, primarily occurring in April and May 2025, caused widespread disruption. Marks & Spencer, for instance, suffered a ransomware attack that forced the suspension of online orders for nearly seven weeks, with estimated costs potentially reaching £300 million. The Co-op experienced payment disruptions and reports of empty shelves, while Harrods also faced unauthorized access attempts, leading to restricted internet access across its websites.
While the specific group responsible for all the attacks is still under investigation, cybersecurity experts and the M&S chairman, Archie Norman, have pointed towards “Scattered Spider” and “DragonForce” ransomware group as key players. Scattered Spider is known for its advanced social engineering tactics, often involving English-speaking individuals in the UK and US who deceive IT help desks to gain access. The collaboration between such groups and ransomware-as-a-service operations like DragonForce appears to be a growing threat.
These arrests highlight the collaborative efforts of law enforcement agencies, including the NCA’s National Cyber Crime Unit, the West Midlands Regional Organised Crime Unit, and the East Midlands Special Operations Unit, to combat sophisticated cybercriminal networks. The incidents also serve as a stark reminder of the evolving threat landscape, emphasizing the need for robust cybersecurity measures, particularly concerning third-party suppliers who can inadvertently become vulnerable entry points for attackers. The investigation remains ongoing, with authorities working to identify and bring to justice all those responsible.
Woman and three teenagers arrested over cyber attacks on M&S, Co-op and Harrods: Watch on YouTube
This video from ITV News discusses the recent arrests made in connection with the cyber attacks on M&S, Co-op, and Harrods, which is the most recent significant cyber attack event in the UK