By
Reuters
Published
July 10, 2025
Four people under the age of 21 have been arrested as part of a police investigation into cyberattacks that disrupted the operations of UK retailers Marks & Spencer, the Co-op Group and Harrods, Britain’s National Crime Agency said on Thursday.
April’s ransomware attack on Marks & Spencer, one of the most recognized names in British retail, was the most severe—forcing the company to suspend online clothing sales for nearly seven weeks and costing it approximately £300 million ($400 million) in operating profit.
The NCA said three males—two aged 19 and one aged 17—and a 20-year-old woman were detained in the West Midlands and London on suspicion of offenses under the Computer Misuse Act, as well as blackmail, money laundering and involvement in organized crime.
All four were arrested at their homes, had their electronic devices seized and were being questioned by the NCA’s National Cyber Crime Unit.
On Tuesday, Marks & Spencer Chairman Archie Norman told lawmakers that the retailer had also contacted the U.S. FBI regarding the cyberattack.
He said that “loosely aligned parties” appeared to have coordinated their actions under the suspected leadership of a group known as DragonForce.
Norman urged that British businesses should be legally required to report material cyberattacks, noting that two recent major attacks on large UK companies had gone unreported.
Marks & Spencer resumed online clothing orders on June 10 following a 46-day suspension, although click-and-collect services have not yet been restored.
Last week, CEO Stuart Machin told investors that the group expects to move past the worst of the disruption by August.
© Thomson Reuters 2025 All rights reserved.
