UK Arrests Four Linked to M&S, Harrods Cyberattacks

The UK's National Crime Agency has made significant strides in its investigation into a series of disruptive cyberattacks that targeted leading British retailers earlier this year. In a statement released on Thursday, the agency announced the arrest of four individuals, three of whom are British nationals and one of whom is a 19-year-old male from the West Midlands with Latvian nationality.

The arrests were made in connection with an investigation into hacks in April that targeted Marks & Spencer Group Plc, Co-Op, and Harrods. The attack on M&S locked down the company's internal systems with ransomware, causing weeks of disruption to online sales and an estimated £300 million ($408 million) hit to its operating profit.

Meanwhile, the Co-Op said hackers stole data from its internal systems on "a significant number" of its customers. The incident has had a profound impact on both retailers, with M&S struggling to regain customer trust after weeks of disruption and the Co-Op facing potential reputational damage as a result of the breach.

"Today's arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice," said Paul Foster, head of the National Crime Agency's cybercrime unit. Foster emphasized that the agency is committed to tackling organized crime groups and their associates, who pose a significant threat to individuals and businesses alike.

A spokesperson for M&S welcomed the development and thanked the crime agency "for its diligent work on this incident." The Co-Op also expressed gratitude, stating that its members are pleased with the outcome of the arrests. Harrods did not respond to a request for comment at the time of writing.

According to sources, the suspects were arrested at their home addresses on Thursday and had electronic devices seized by the National Crime Agency. The agency declined to comment on whether those arrested were affiliated with Scattered Spider, a loosely affiliated English-speaking hacking gang that targets companies and individuals. It is believed that the hackers worked with another cybercrime gang, known as DragonForce, to carry out the UK retail attacks.

Dragonforce rents out malicious software, known as ransomware, to other hackers. Typically, ransomware encrypts files stored on computers and the hackers then demand payment in cryptocurrency to unlock the files. The incident occurred as a result of "sophisticated impersonation" of one of the retailer's third-party users, Marks & Spencer Chairman Archie Norman told a UK parliamentary committee on Wednesday.

"It's fair to say that everybody at M&S experienced it," he said. "We're still in the rebuild mode and will be for some time to come." Though things would return to normal for customers by the end of this month, Norman added that the incident highlighted the need for greater vigilance from retailers and their customers.