Four Arrested in Connection with UK Retail Cyberattacks
British law enforcement authorities have arrested four individuals under the age of 21 in connection with a series of major cyberattacks that targeted Marks & Spencer (M&S), Co-op, and Harrods, according to a statement released by the UK’s National Crime Agency (NCA) on Thursday.
The suspects, two 19-year-old males, a 17-year-old male, and a 20-year-old woman, were detained in London and the West Midlands on suspicion of:
- Computer Misuse Act violations
- Blackmail
- Money laundering
- Participation in organised crime
The arrests are linked to a wider investigation led by the NCA’s National Cyber Crime Unit (NCCU). All suspects were arrested at home, and multiple electronic devices were seized for forensic analysis.
M&S Cyberattack: £300 Million in Damages and Weeks of Disruption
The most devastating of the cyberattacks was the April 2025 ransomware breach on Marks & Spencer, which led to a 46-day suspension of its online clothing retail services. The shutdown reportedly caused an estimated £300 million ($400 million) hit to the company’s operating profits.
M&S Chairman Archie Norman told British lawmakers that the company had been working closely with the U.S. Federal Bureau of Investigation (FBI). He further revealed that a hacktivist group known as DragonForce may have orchestrated the attack, collaborating with “loosely aligned parties.”
Harrods and Co-op Also Targeted
Retail giants Harrods and Co-op also faced disruptions believed to be tied to the same hacking collective. Details on the full scope of damage to these businesses have not yet been released publicly.
Call for Cyberattack Reporting Legislation
During a parliamentary appearance, Norman emphasised the need for stricter cyberattack disclosure laws in the UK. He alleged that two major UK firms were also recently attacked but failed to report the breaches. “Companies should be legally required to report material cyberattacks,” Norman stated.
Online Services Still Recovering
While M&S resumed clothing orders online as of June 10, it has yet to restore its click-and-collect services. CEO Stuart Machin told investors last week that the company expects to fully recover from the fallout by August 2025.
What to Know About DragonForce and Cyber Threats in Retail
The DragonForce group, allegedly linked to this wave of cyberattacks, is believed to specialise in ransomware and data extortion, posing an escalating threat to global retail and supply chain infrastructure.
Experts warn that retailers must invest more heavily in cybersecurity and adopt AI-driven threat detection to safeguard customer data and business continuity.
Cybersecurity Now a Top Priority for UK Retail
With rising threats and millions in damages, UK retailers are being forced to re-evaluate their cybersecurity infrastructure. The latest arrests mark a turning point in law enforcement’s effort to crack down on cybercrime targeting major enterprises.
