By Emeka Blast 
Cyber Crime Probe Leads to Four Arrests Linked to UK Retail Giants
The UK’s National Crime Agency (NCA) has arrested four young individuals—three teenagers and a 20-year-old woman—in connection with a series of high-profile cyber attacks targeting major British retailers Marks & Spencer (M&S), Co-op, and Harrods. The arrests, made early Thursday morning across the West Midlands, Staffordshire, and London, mark a significant breakthrough in an investigation into attacks that caused widespread disruption and financial losses estimated between £270 million and £440 million.
The suspects, including a 17-year-old British male and a 19-year-old Latvian male from the West Midlands, a 19-year-old British male from London, and a 20-year-old British woman from Staffordshire, were detained on suspicion of blackmail, money laundering, violations of the Computer Misuse Act, and participating in an organized crime group. Their electronic devices were seized for forensic analysis, and all remain in custody as the NCA continues its probe.
The cyber attacks, which began in April 2025, severely disrupted the retailers’ operations. M&S, the first to be hit, was forced to suspend online orders for nearly seven weeks, with contactless payments and click-and-collect services also affected, leading to empty shelves and an estimated £300 million profit loss. Co-op faced a similar assault in April, with hackers stealing personal data of millions of customers and employees, disrupting payments and stock replenishment. Harrods, targeted on May 1, restricted internet access to its systems as a precaution, minimizing operational impact but confirming unauthorized access attempts.
Cybersecurity experts attribute the attacks to the Scattered Spider hacking group, known for sophisticated social engineering tactics like impersonating employees to trick IT help desks into resetting passwords. The group, also linked to the DragonForce ransomware-as-a-service operation, allegedly deployed ransomware to lock critical systems and demanded payments, with M&S receiving an offensive email from hackers. Co-op narrowly avoided ransomware deployment by disconnecting IT networks in time.
Paul Foster, head of the NCA’s National Cyber Crime Unit, called the arrests a “significant step” but emphasized that the investigation remains a top priority, with ongoing collaboration with UK and international partners. “Cyber attacks can be hugely disruptive for businesses, and I’d like to thank M&S, Co-op, and Harrods for their support,” Foster said, urging other potential victims to engage with law enforcement.
The attacks exposed vulnerabilities in retail cybersecurity, with experts like Xavier Sheikrojan of Signifyd noting that retailers’ vast stores of identity and payment data make them prime targets. The UK’s National Cyber Security Centre (NCSC) has since urged retailers to strengthen IT help desk authentication processes to prevent similar breaches. M&S chairman Archie Norman described the attack as “traumatic,” revealing to MPs that two other major British companies were also hit by unreported cyber attacks recently.
Public reaction on X has been intense, with users like @TheCyberSecHub praising the NCA’s swift action, while @CityAM highlighted the theft of millions of customer records. The financial toll, including a 12% drop in M&S shares since April, underscores the long-term risks of lost trust and reputational damage. As the NCA continues its efforts to dismantle the hacking network, the retail sector faces growing pressure to bolster defenses against increasingly sophisticated cyber threats.
