Cybercrime

UK arrests four for cyberattacks on major British retailers

The U.K.’s National Crime Agency claims the four were involved in attacks on Marks & Spencer. The cybersecurity industry attributed those attacks to Scattered Spider.

By Greg Otto

July 10, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

The exterior of a Marks & Spencer store photographed on February 18, 2023 in London, England. Four people have been arrested in connection with the cyberattacks on the UK retailer. (Getty Images)

Three teenagers and a 20-year-old woman were arrested Thursday by the U.K.’s National Crime Agency for their alleged role in cyberattacks on major retailers Marks & Spencer (M&S), Co-op, and Harrods.

The arrests, comprising British and Latvian nationals, followed sustained investigations into attacks that crippled the retailers’ operations. The NCA’s National Cyber Crime Unit detained all four at their homes and seized their electronic devices.

“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency’s highest priorities,” Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said in a statement. “Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the U.K. and overseas, to ensure those responsible are identified and brought to justice.”

The particular incidents that led to these arrests occurred in April, with attackers crippling the online services of Marks & Spencer, a popular retailer in the U.K. The company’s online sales channels were halted, contactless payments and click-and-collect options were disrupted, and in-store product availability suffered. The attack also resulted in the theft of customer information, including names, email addresses, and postal data. Recovery efforts began in June, with the retailer eventually restoring sections of its online business across the U.K.

Industry experts and law enforcement agencies in several countries have attributed the attacks to a cybercriminal group known as Scattered Spider. The loose-knit collective has infiltrated more than 100 businesses since 2022, hitting organizations in hospitality and gaming, manufacturing, technology and cloud services, telecommunications, retail, manufacturing, food production, insurance and financial services, media, apparel, business process outsourcing, health care, transportation and aviation, according to researchers.

The group is allegedly also behind cyberattacks on several U.S.-based insurance companies, United Natural Foods, and aviation companies WestJet and Hawaiian Airlines.

The group is an offshoot of The Com, a much larger grassroots network of more than 1,000 people responsible for a vast catalog of crimes, including social engineering, crypto theft, phishing, SIM swapping, extortion, sextortion, swatting, kidnapping and murder.

All four arrested are being held on suspicion of violating the U.K.’s Computer Misuse Act, blackmail, money laundering and participating in the activities of an organized crime group.