Four Arrested in Connection with Major Retail Cyber-Attacks on M&S and Co-op

In a significant development in the ongoing investigation into the cyber-attacks that crippled major retailers Marks & Spencer and the Co-op, the UK’s National Crime Agency (NCA) has announced the arrest of four individuals. The operation, which involved early morning raids on Thursday, saw a 20-year-old woman arrested in Staffordshire and three males, aged between 17 and 19, detained in London and the West Midlands. These arrests mark a crucial step forward in the NCA’s efforts to bring those responsible for the extensive digital disruption to justice.

The individuals were apprehended on suspicion of serious offenses, including violations of the Computer Misuse Act, blackmail, money laundering, and actively participating in the activities of an organised crime group. The NCA confirmed that all four suspects were arrested at their respective homes, and a significant seizure of electronic devices was made during the coordinated raids. Among the arrested is a 19-year-old man from Latvia, while the other three are UK nationals.

Paul Foster, the head of the NCA’s National Cyber Crime Unit, hailed the arrests as a “significant step” in the ongoing investigation. He emphasized that the agency, in collaboration with domestic and international partners, remains committed to identifying and prosecuting all individuals involved in these disruptive attacks. The coordinated efforts underscore the serious nature of the crimes and the multi-agency approach required to combat sophisticated cyber threats.

The cyber-attacks, which began in mid-April, have had a profound impact on the operations of both M&S and the Co-op. The Co-op experienced significant disruptions, leading to bare shelves in some stores for weeks, while M&S anticipates its operations will be affected until late July, with some critical IT systems not expected to be fully restored until October or November. The chairman of M&S described the incident to MPs as an “attempt to destroy the business,” estimating the financial impact at approximately £300 million in lost profits. The luxury retailer Harrods also fell victim to a similar attack, though its operational impact was less severe.

The breaches involved the theft of substantial amounts of private data belonging to both customers and staff. In the case of M&S, criminals deployed ransomware, a type of malicious software that encrypts IT networks, rendering them unusable without the payment of a ransom. The BBC previously reported that the hackers had sent an offensive email directly to the M&S boss demanding payment. Following the M&S breach, the Co-op was also targeted, with millions of customer and staff records compromised. The Co-op was initially criticized for downplaying the severity of the attack, but later admitted the breach after hackers provided proof to the BBC.

In a critical moment, the Co-op managed to disconnect its IT networks from the internet just in time to prevent the ransomware from being deployed, thereby mitigating even greater disruption. Shortly after the Co-op announced its breach, Harrods reported a similar incident, forcing the disconnection of its IT systems to prevent further unauthorized access. The detailed breakdown of the arrested individuals includes a 17-year-old British male from the West Midlands, a 19-year-old British man from London, a 19-year-old Latvian male from the West Midlands, and a 20-year-old British woman from Staffordshire. The NCA highlighted that the operation received vital support from officers within the West Midlands Regional Organised Crime Unit and the East Midlands Special Operations Unit, showcasing a unified front against cybercrime.