The U.K. National Crime Agency (NCA) has announced the arrest of four individuals in connection with a series of cyber attacks that caused significant disruption and financial impact to prominent British retailers Marks & Spencer, Co-op, and Harrods. The arrests, made on Thursday, July 10, 2025, signify a major breakthrough in the ongoing investigation into the costly breaches.
The arrested individuals include two 19-year-old men, a 17-year-old male, and a 20-year-old woman. They were apprehended in the West Midlands and London on suspicion of various offenses, including Computer Misuse Act violations, blackmail, money laundering, and participating in an organized crime group. Their electronic devices have been seized for forensic analysis as part of the continuing probe.
The cyber attacks, which occurred in April 2025, have been classified as a “single combined cyber event” by the Cyber Monitoring Centre (CMC). The financial fallout from these incidents is estimated to be between £270 million ($363 million) and a staggering £440 million ($592 million).
Marks & Spencer suffered the most severe impact, facing a nearly seven-week suspension of its online clothing and homeware orders, resulting in an estimated £300 million hit to its operating profits. The Co-op also experienced disruptions, with reports indicating customer data theft and payment issues, while luxury department store Harrods restricted online access due to unauthorized system access attempts.
While the NCA has not publicly named the organized crime group involved, it is widely believed that some of these attacks were perpetrated by Scattered Spider, a decentralized cybercrime group notorious for its sophisticated social engineering tactics and deployment of ransomware. Scattered Spider is also part of a larger, loosely-knit collective known as The Com, which is associated with a range of illicit activities including phishing, SIM swapping, and extortion. Marks & Spencer Chairman Archie Norman had previously mentioned contact with the US FBI and a group called DragonForce in connection with the cyberattack.
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, stated, “Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the U.K. and overseas, to ensure those responsible are identified and brought to justice.”
The investigation remains a top priority for the NCA, underscoring the severe impact cybercrime can have on businesses and the broader economy.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.