In a significant development, the United Kingdom’s National Crime Agency (NCA) has apprehended four individuals suspected of orchestrating cyberattacks against prominent British retailers, including Marks & Spencer (M&S), Co-op, and Harrods. The arrests, carried out on July 10, 2025, involved three males aged 17, 19, and 19, and a 20-year-old woman. These individuals were detained at their residences in the West Midlands and London.
The suspects are facing allegations of hacking, blackmail, money laundering, and participation in an organized crime group. Authorities have seized electronic devices from the suspects, who are currently in custody for further questioning.
The cyberattacks, which occurred in April 2025, had a profound impact on the targeted retailers. M&S, for instance, was compelled to suspend online clothing sales for nearly seven weeks, resulting in an estimated loss of approximately £300 million in operating profit. Co-op experienced disruptions in payment systems and faced challenges in restocking shelves, while Harrods had to restrict online access due to order processing issues.
Investigations suggest that the cybercriminal group known as Scattered Spider may be linked to these attacks. This group is characterized by its loosely organized structure and is known for targeting large companies’ IT help desks to steal data for extortion purposes. Additionally, there are indications that DragonForce, a group supplying ransomware tools to other criminal gangs, including Scattered Spider, played a role in these incidents.
The NCA’s head of the National Cyber Crime Unit, Paul Foster, emphasized the significance of these arrests, stating, This marks a significant step in our investigation. However, our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.
The cyberattacks have underscored the vulnerabilities within the retail sector’s cybersecurity infrastructure. Experts have highlighted the importance of timely breach disclosure, robust system patching, and comprehensive workforce education to mitigate such risks. The incidents have also prompted discussions about the necessity for businesses to report significant cyberattacks to authorities promptly.
As the investigation progresses, the NCA continues to collaborate with domestic and international partners to hold all responsible individuals accountable and to prevent future cyber threats targeting the retail sector.
