UK Arrests Woman and Three Men for Cyberattacks on M&S Co-op and Harrods

In a major development, the UK’s National Crime Agency (NCA) has announced the arrest of four individuals in connection with a series of cyberattacks that impacted major UK retailers Marks & Spencer (M&S), Co-op Group, and Harrods in April and May 2025. These arrests mark a crucial step in an ongoing investigation that remains a top priority for the agency.

The cyber criminals gained access to the retailers’ computer systems through aggressive social engineering tactics, which involve manipulating individuals to gain confidential information or access. This likely involved exploiting a common third-party supplier. The attacks caused considerable disruption, particularly for M&S, which saw its online shopping suspended and food deliveries affected. Even nearly three months later, M&S has not fully recovered, with its chairman, Archie Norman, estimating a cost of £300 million in lost profits due to the incident.

M&S customers were also instructed to change their account passwords following a significant data theft. The company expects its operations to be affected until late July, with some IT systems not fully operational until October or November.

While Co-op and Harrods also faced intrusions, they proved more resilient, and the impact on their operations was less severe. Co-op had to disconnect some IT systems, and Harrods also shut off systems to mitigate damage. The attacks involved malicious software, or ransomware, which scrambles data and demands payment for its release.

The four individuals, as per the NCA’s press release, including two men aged 19, a 17-year-old male, and a 20-year-old woman, were apprehended early on Thursday morning, July 10, 2025, at their homes across London, Staffordshire, and the West Midlands. One of the 19-year-old men is from Latvia, while the others are British nationals.

They are suspected of multiple offences under the Computer Misuse Act of 1990, a law that criminalises unauthorised access to computer material, as well as blackmail, money laundering, and participating in the activities of an organised crime group. Electronic devices have been seized from their properties for detailed forensic examination.

The NCA’s operation received support from the West Midlands Regional Organised Crime Unit (ROCU) and the East Midlands Special Operations Unit. Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, praised the swift progress, stating that “Today’s arrests are a significant step in that investigation.”

He emphasised that the collaboration with affected organisations like M&S, Co-op, and Harrods was vital to the investigation’s success, highlighting the importance of businesses engaging with law enforcement after cyber incidents. The investigation continues with international partners to bring all responsible parties to justice.