July 10, 2025

Four young people, including a 17-year-old boy and a 20-year-old woman, have been arrested in a major cybercrime investigation linked to high-profile attacks on Marks & Spencer, the Co-op and Harrods.

The National Crime Agency (NCA), working in coordination with local police forces, detained the suspects early on Thursday in connection with a string of damaging hacks believed to be carried out by a group known as Scattered Spider — an international cybercrime network infamous for its use of social engineering tactics.

Among those arrested were, a 17-year-old British boy and a 19-year-old Latvian man, both apprehended in the West Midlands; a 19-year-old British man in London and a 20-year-old British woman in Staffordshire.

All four are suspected of conspiring to gain unauthorised access to computer systems, with further suspicions of blackmail, money laundering, and participating in the activities of an organised crime group. They remain in custody, and digital devices have been seized as part of the investigation.

The cyber attacks, which took place earlier this year, are reported to have cost Marks & Spencer an estimated £300 million, after the retailer was forced to suspend its online operations. The precise financial impact on the Co-op and Harrods has not been disclosed.

In a statement, M&S said: “We welcome this development and thank the NCA for its diligent work on this incident.”

The attackers are believed to have used social engineering methods — impersonating employees or contractors to infiltrate company systems and gain access to sensitive infrastructure.

During a parliamentary committee hearing earlier this week, M&S chair Archie Norman declined to comment on whether the company had paid a ransom to the hackers, amid speculation that ransomware may have been involved.

Paul Foster, head of the NCA’s National Cyber Crime Unit, described the arrests as a significant breakthrough: “Since these attacks took place, specialist NCA cybercrime investigators have been working at pace. Today’s arrests are a significant step in that investigation, but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.”

Foster also praised the cooperation of the affected companies, and urged other potential victims of cybercrime to report attacks:

“We know that many incidents go unreported, and we encourage all organisations, no matter their size, to come forward if they believe they’ve been targeted.”

The Scattered Spider group has emerged as a highly organised and technically sophisticated cybercrime outfit, known for targeting major corporations through deception, phishing, and insider impersonation. Experts say the group often recruits tech-savvy young people online, some of whom may not fully grasp the legal consequences of their actions.

The investigation remains ongoing, and the NCA has not ruled out further arrests.

Read more:
British teens arrested over £300m Marks & Spencer hacking spree