Four individuals have been arrested across the UK for their involvement in cyber attacks on major retailers including Marks & Spencer, Co-op Group, and Harrods in April and May 2025. The suspects face charges under the Computer Misuse Act, blackmail, and money laundering. The attacks were conducted using social engineering tactics, affecting M&S significantly, with online shopping suspended. The investigation, prioritized by the National Crime Agency, involves international law enforcement collaboration to identify and prosecute those responsible.
The arrests of two men aged 19, a third aged 17 and a 20-year-old woman were made at their home addresses in London, Staffordshire, and the West Midlands, with support from West Midlands Regional Organised Crime Unit (Rocu) and the East Midlands Special Operations Unit.
The attacks, which unfolded in the space of around 10 days during the spring, saw cyber criminals gain access to the victimized retailers' systems via social engineering tactics.
For M&S, it resulted in the suspension of online shopping and disruption to food deliveries as IT security staff worked overtime and slept in the office at the height of the chaos.
Since these attacks took place, specialist NCA cyber crime investigators have been working at pace and the investigation remains one of the agency's highest priorities.
Collection
[
|
...
]