The UK’s National Crime Agency (NCA) has arrested four individuals suspected of orchestrating cyberattacks against retailers Marks & Spencer (M&S), Co-op, and Harrods. On July 10, 2025, the suspects were detained in the West Midlands and London as part of an extensive probe into the disruptive cyberattacks that occurred earlier this year.
The suspects include two 19-year-old males, a 17-year-old male, and a 20-year-old female. They face charges under the Computer Misuse Act, blackmail, money laundering, and involvement in an organized crime group. Among them is a 19-year-old Latvian national, while the others are British.
Coordinated Raids and Forensic Seizures Mark Arrests
Police conducted coordinated early morning raids at the suspects’ homes, seizing multiple electronic devices for digital forensic analysis. Neighbors in Staffordshire reported a significant police presence, with officers wearing balaclavas breaking down doors and collecting evidence. The West Midlands Regional Organized Crime Unit and the East Midlands Special Operations Unit supported the operation.
Paul Foster, Deputy Director and head of the NCA’s National Cyber Crime Unit, described the arrests as a “significant step” in an investigation that remains a high priority. He highlighted ongoing collaboration with UK and international law enforcement partners to ensure all responsible parties are identified and prosecuted.
“Cyberattacks can be hugely disruptive for businesses,” Foster said, thanking M&S, Co-op, and Harrods for their cooperation. He urged future victims to engage with law enforcement, noting that the NCA and policing agencies are ready to assist.
Impact of Retail Cyberattacks on M&S, Co-op, and Harrods
The cyberattacks, which began in mid-April 2025, have severely affected retailers. Co-op suffered weeks of empty shelves due to disrupted supply chains. M&S revealed that some IT systems might not be fully restored until October or November, with estimated losses of £300 million in profits. The chairman of M&S described the incident as a “deliberate attempt to destroy the business.”
Victims of cybercrime are encouraged to use the Government’s Cyber Incident Signposting Site for clear guidance on reporting incidents and accessing support, helping to improve coordination between businesses and law enforcement. The recent arrests send a clear message that retail cyberattacks are being taken seriously, but as these threats grow more frequent, ongoing investigations, advanced forensic efforts, and strong collaboration will be crucial to protecting UK retailers and consumers alike.
