Four individuals, including three teenagers, have been arrested in connection with a series of cyberattacks earlier this year targeting major UK retailers Marks & Spencer, Co-op, and Harrods. The National Crime Agency (NCA) confirmed the detentions of two 19-year-old men, a 17-year-old boy, and a 20-year-old woman across locations in the West Midlands, Staffordshire, and London. They face charges including violations of the Computer Misuse Act, blackmail, money laundering, and involvement in organized crime. Initially, investigators suspected international hacking groups, but the focus has since shifted to a UK- and US-based group known as Scattered Spider, whose members are primarily English speakers.

Details of the Arrests

The arrests, carried out early Thursday morning, were part of a coordinated operation led by the NCA's National Cyber Crime Unit, with assistance from regional organised crime units in the West and East Midlands. Authorities seized electronic devices during the raids, which drew public attention in Staffordshire due to a heavy police presence and masked NCA officers entering a family home.

Figure 1. Four Arrested Over M&S and Co-op Cyberattacks

Paul Foster, head of the NCA's cybercrime unit, described the arrests as “a significant step” in an ongoing investigation that remains a top priority. He emphasised that efforts are continuing, both domestically and internationally, to identify and prosecute those behind the cyberattacks. Figure 1 shows Four Arrested Over M&S and Co-op Cyberattacks.

Fallout for the Victims

The cyberattacks, which began in mid-April, caused significant disruption to the affected retailers. M&S was severely impacted, with hackers gaining access to large volumes of sensitive customer and staff data and deploying ransomware that crippled the company’s IT systems. This led to the closure of M&S’s online store for nearly seven weeks, resulting in estimated financial losses of around US$376 million in lost profits.

Shortly after, Co-op suffered a similar breach, with criminals accessing personal data of millions of customers and employees. The breach became public when hackers leaked evidence to the media, contradicting the retailer’s initial attempts to minimize the incident. However, by quickly disconnecting their IT systems from the internet, Co-op prevented ransomware deployment and reduced further damage.

Luxury retailer Harrods was also targeted by May 1, but the impact was less severe as the store limited internet access to block unauthorized intrusions.

A Challenging Year for Cybersecurity

The arrests came after M&S Chair Archie Norman revealed to MPs that two other major UK companies had also suffered undisclosed cyberattacks this year. Norman described the M&S breach as “traumatic,” calling it a deliberate attempt to cripple the business.

M&S expects disruptions to continue through late July, with full IT system restoration likely delayed until October or November [1]. Norman expressed appreciation for the cooperation of M&S, Co-op, and Harrods with the investigation, urging other cyberattack victims to engage with law enforcement early in the process.

Meanwhile, cybersecurity expert Elliot Dellys, CEO of Australian firm Phronesis Security, noted that the decentralised nature of the Scattered Spider group complicates enforcement. Unlike traditional ransomware operations with central leadership, Scattered Spider comprises loosely connected young hackers in the UK and US, making coordinated law enforcement action challenging.

M&S and Co-op Issue Statements

Following the arrests, spokespersons for M&S and Co-op issued statements. An M&S representative expressed gratitude, saying, “We welcome this development and thank the NCA for its diligent work on this incident.” Similarly, a Co-op spokesperson emphasized the seriousness of cybercrime, stating, “Hacking is not a victimless crime. We have fully cooperated with the NCA and relevant authorities throughout, and are pleased these arrests have been made on behalf of our members.”

References:

1. https://cybermagazine.com/articles/what-next-as-arrests-made-over-uk-supermarket-cyberattacks

Cite this article:

Janani R (2025), Four Arrested Over M&S and Co-op Cyberattacks, AnaTechMaz, pp. 197