BREAKING: Arrests Made in M&S, Co-op, and Harrods Cyber-Attack Investigation

Published: July 15, 2025
Author: Cybergen Team

The UK’s National Crime Agency (NCA) has made a major breakthrough in one of the most high-profile cyber investigations of the year. Four individuals aged between 17 and 20 have been arrested in connection with the devastating April 2025 cyber-attacks on Marks & Spencer (M&S), Co-op, and Harrods.

The suspects—two 19-year-olds, a 17-year-old, and a 20-year-old woman—were detained across the West Midlands, Staffordshire, and London. They are being held on suspicion of several serious offences under the Computer Misuse Act, including blackmail, money laundering, and involvement in organised crime.

The Investigation

Led by the NCA's National Cyber Crime Unit, this investigation has been a top priority since the attacks crippled operations at some of the UK’s most recognisable retail brands. According to authorities, digital forensic experts have begun analysing electronic devices seized during the arrests, with more developments expected in the coming weeks.

These arrests are being seen as a major step forward in dismantling the network behind the breaches.

The Cyber Attack: What Happened?

The attack was attributed to Scattered Spider, a notorious cybercrime group linked to multiple high-profile intrusions. The group is believed to have used advanced social engineering tactics, including SIM-swapping and phishing, to gain access to internal systems. Once inside, they deployed ransomware using the DragonForce platform to encrypt key systems and extort payment.

Marks & Spencer alone is reported to have suffered financial losses of up to £300 million, making this one of the most damaging cyber-attacks on a UK business in recent memory.

Click here to read more into it.

Why This Matters

This case underscores the growing threat of organised cybercrime, especially from younger, tech-savvy individuals capable of using sophisticated tools and techniques. It also highlights the importance of cyber resilience, employee training, and multi-layered security in protecting businesses from social engineering attacks.

The arrests will no doubt be welcome news to impacted businesses and consumers, but they also serve as a reminder: cybersecurity is no longer just an IT issue, it's a business-critical priority.

Summary

Who was arrested?

Four suspects (ages 17–20) arrested in the West Midlands, Staffordshire, and London on July 10, 2025.

What are the charges?

Suspected violations include the Computer Misuse Act, blackmail, money laundering, and participating in organised crime.

Which hack was this?

The April 2025 cyber‑attacks that severely disrupted online orders at M&S (nearly seven-week pause), Co‑op, and Harrods.

Who’s behind it?

The perpetrators are linked to the Scattered Spider hacking group and the DragonForce ransomware‑as‑a‑service operation.

Next steps?

The arrested suspects remain in custody and are being questioned as digital forensic investigations proceed. The NCA continues international cooperation to identify all involved parties.