British Teenagers Behind M&S Hacking Spree Arrested

Four young individuals — three male teenagers and a 20-year-old woman — have been arrested in connection with cyber attacks targeting major UK retailers Marks & Spencer, the Co-op, and Harrods.

The arrests were carried out early Thursday by the National Crime Agency (NCA) in coordination with local police forces. The cyber attacks, which occurred earlier this year and have been linked to the hacker group known as Scattered Spider, caused significant disruption. M&S alone suffered £300 million in losses after being forced to suspend its online operations.

Those taken into custody include a 17-year-old British boy and a 19-year-old Latvian man in the West Midlands, a 19-year-old British man in London, and a 20-year-old British woman in Staffordshire. They were arrested on suspicion of conspiring to gain unauthorised access to computer systems with the intent to commit further crimes, including blackmail, money laundering, and involvement in organised crime. Authorities also seized digital devices from all four individuals.

Paul Foster, head of the NCA’s National Cyber Crime Unit, described the arrests as a major development in an investigation that remains a top priority. He said NCA cybercrime experts have been working intensively on the case and are continuing efforts in collaboration with domestic and international partners to bring all responsible parties to justice.

Marks & Spencer responded positively to the arrests, with a spokesperson thanking the NCA for its dedicated investigation.

The cyber intrusions are believed to have been carried out using social engineering tactics, where attackers pose as employees or contractors to infiltrate systems. M&S chairman Archie Norman told MPs this week that the company endured immense pressure following the breach, with cybersecurity staff sleeping only a few hours per night. He described the experience as “traumatic” and “like an out-of-body experience.”

Although the company has not confirmed whether a ransom was paid, it continues to recover from the April incident and anticipates that its systems will be fully restored by the end of this month.

Mr. Foster urged other cyber attack victims to come forward, warning that many incidents likely remain unreported.