Post

UK NCA Arrests Four in Connection with M&S, Co-op, and Harrods Cyberattacks

The UK National Crime Agency (NCA) has arrested four individuals, including three teenagers, in connection with major cyberattacks on prominent retailers M&S, Co-op, and Harrods. Learn about the arrests, the impact of the attacks, and the ongoing investigation.

UK NCA Arrests Four in Connection with M&S, Co-op, and Harrods Cyberattacks

TL;DR

The UK National Crime Agency (NCA) has arrested four individuals, including three teenagers, in connection with significant cyberattacks targeting major retailers M&S, Co-op, and Harrods. The arrests follow an extensive investigation into the cyberattacks, which caused substantial financial losses and operational disruptions. The NCA continues to collaborate with domestic and international partners to bring all responsible parties to justice.

UK NCA Arrests Four in Connection with Major Cyberattacks on M&S, Co-op, and Harrods

The British National Crime Agency (NCA) has arrested four individuals in the UK following an investigation into a wave of cyberattacks targeting major retailers Co-op, M&S, and Harrods. The arrests, made on July 10, include three teenagers and one adult aged 17 to 20, with one suspect being Latvian. Law enforcement seized electronic devices for evidence during the operation1.

Arrest Details and Charges

According to the NCA’s press release, the individuals were apprehended in the West Midlands and London. They face charges under the Computer Misuse Act, as well as allegations of blackmail, money laundering, and participation in organized crime1.

“Four people have been arrested in the UK as part of a National Crime Agency investigation into cyber attacks targeting M&S, Co-op and Harrods. Two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands and London this morning (10 July) on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.”1

Impact of the Cyberattacks

The cyberattacks on these prominent British retailers resulted in massive disruptions and substantial financial losses. The Cyber Monitoring Centre (CMC) classified the attacks on Marks & Spencer and Co-op as a Category 2 systemic event, with estimated losses ranging from £270 million to £440 million2.

DragonForce Group Involvement

The group behind the attacks, known as DragonForce, claimed responsibility for the data breaches. They reportedly stole data from the Co-op and attempted to hack Harrods, accessing internal communications and leaking staff credentials and customer records3.

The DragonForce ransomware group is known for scrambling victims’ data and demanding ransom. They operate a cybercrime affiliate service, allowing affiliates to use their tools to launch attacks and extort victims. The group is believed to be composed of English-speaking teenagers and operates through Telegram and Discord channels3.

Ongoing Investigation and Collaboration

Deputy Director Paul Foster of the NCA’s National Cyber Crime Unit emphasized the significance of the arrests and the ongoing investigation:

“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.”1

The NCA expressed gratitude to M&S, Co-op, and Harrods for their cooperation and encouraged future victims to seek support and engage with law enforcement.

Economic Impact and Analysis

The CMC assessed the M&S and Co-op cyberattacks as a single major incident due to shared timing, common threat actors, and similar tactics. The attacks caused significant business disruptions, with M&S alone anticipating a £300 million impact in 2025/26. The financial toll primarily stemmed from lost sales and business interruptions rather than IT damages4.

“Using available data and established modelling, the CMC estimates the total financial impact of the event across affected parties at £270 million – £440 million.”4

Conclusion

The arrests made by the NCA represent a critical milestone in the investigation into the cyberattacks on M&S, Co-op, and Harrods. As the investigation progresses, the collaboration between law enforcement agencies and affected organizations will be crucial in mitigating future threats and enhancing cyber resilience.

Additional Resources

For further insights, check:

References

  1. “National Crime Agency” (2025). “Retail cyber attacks: NCA arrest four for attacks on M&S, Co-op and Harrods”. National Crime Agency. Retrieved 2025-07-10. ↩︎ ↩︎2 ↩︎3 ↩︎4

  2. “Security Affairs” (2025). “The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M”. Security Affairs. Retrieved 2025-07-10. ↩︎

  3. “Security Affairs” (2025). “DragonForce group claims the theft of data after Co-op cyberattack”. Security Affairs. Retrieved 2025-07-10. ↩︎ ↩︎2

  4. “Cyber Monitoring Centre” (2025). “Cyber Monitoring Centre statement on ransomware incidents in the retail sector – June 2025”. Cyber Monitoring Centre. Retrieved 2025-07-10. ↩︎ ↩︎2

This post is licensed under CC BY 4.0 by the author.