Four arrested over M&S, Co-op and Harrods cyberattacks

Suspects, aged 20 and younger, arrested at home

The UK National Crime Agency (NCA) has announced the arrest of four individuals suspected to be connected to the spate of ransomware attacks on UK retailers earlier this year.

The four suspects - two men aged 19, a male of 17 and a woman aged 20 - were arrested at their homes on suspicion of blackmail, money laundering, participating in the activities of an organised crime group and offences under the Computer Misuse Act.

According to the BBC, one of the 19-year-old suspects is from Latvia, with the other three being UK nationals.

In a statement, head of the NCA's National Cyber Crime Unit Paul Foster, said: "Today's arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.

"Cyberattacks can be hugely disruptive for businesses and I'd like to thank M&S, Co-op and Harrods for their support to our investigations.”

The attacks on M&S, Co-op and Harrods have been attributed to Scattered Spider - a loose affiliation of hackers, many thought to have English as their first language - and ransomware-as-a-service group DragonForce.

An attack in April crippled M&S’s website and online ordering system, so far costing the retailer around £300 million and led to customers’ data being stolen. A couple of weeks later, the Co-op was hit by a similar attack, although in this case it managed to mitigate the worst of the damage. In all the UK Cyber Monitoring Centre said the attacks on M&S and the Co-op could cost as much as up to £440 million.

In May, hard on the heels of the Co-op attack, luxury department store Harrods confirmed that it had experienced "attempts to gain unauthorised access" to its systems, prompting immediate action from its IT security team.

Fashion brands affected Dior, Adidas, Cartier, Victoria’s Secret and NorthFace also suffered breaches in a wave of attacks on retailers in May.

Scattered Spider hackers have also targeted the insurance sector, and the FBI warned in July that the group was turning its attention to airlines. It has not yet been publicly confirmed whether the group was responsible for a data breach at Qantas.