LONDON: The National Crime Agency (NCA) has arrested four suspects—three British teens aged 17–19 and a 20-year-old woman—in connection with spring 2025 cyberattacks targeting Marks & Spencer (M&S), Co‑op, and Harrods. Raids were conducted across the West Midlands, Staffordshire, and London. The suspects face charges under the Computer Misuse Act, blackmail, money laundering, and participation in organised crime. Authorities seized electronic devices for forensic examination.
Retail Giants Collapsed Amid ₹3,225 crore Damage
The April attack on M&S paralysed online ordering and emptied store shelves, resulting in an estimated ₹3,225 crore (£300 million) in lost sales and downtime lasting nearly seven weeks. Co‑op suffered payment disruptions and widespread restocking delays, particularly affecting remote communities. Harrods also restricted online services in May following unauthorised access attempts.
The NCA’s deputy director in cybersecurity emphasised the arrests as a “significant step,” although he acknowledged the investigation is ongoing, with international cooperation underway.
A Sophisticated British Hacker Cell Exposed
Security experts identify the group as part of Scattered Spider, an English-speaking hacking collective linked to the DragonForce ransomware-as-a-service toolkit. Unusually, the group targeted IT help desks via phishing, social engineering, SIM swaps, and extortion tactics, escalating a new wave of youth-driven cybercrime across high-value retail networks.
Officials and corporate leaders, including M&S Chair Archie Norman, have called the attacks “traumatic,” warning about the rising tide of unreported incidents and urging formal ransomware disclosure protocols. Norman noted that M&S sought FBI assistance to supplement the NCA’s efforts.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Lessons and Next Moves
Retailers Fortify Defences
Affected businesses have since strengthened cyber defences, rolled out multi-factor authentication, and introduced enhanced help desk screening protocols. The NCA has started financial tracing of illicit funds and is coordinating globally to identify additional actors.
Public and Regulatory Alert
Experts urge firms across critical supply chains—including suppliers and logistics partners—to implement robust cybersecurity training, threat intelligence sharing, and mandatory incident reporting. The sophistication of this youth-led cyber ring serves as a warning: trusted employees and third-party systems are now prime targets in high-stakes ransomware campaigns.
About the Author – Sahhil Taware is a B.Sc. LL.B. (Hons.) student at National Forensic Sciences University, Gandhinagar, with a keen interest in corporate law and tech-driven legal change.