cyber-attack

Retail Giants Hit: Four Arrested in £440M Cyber Attack

Today in Tech

02 Aug 2025 — 2 min read

Illustration of a ransomware attack.

Retail Giants Hit: Four Arrested in £440M Cyber Attack

In a dramatic turn of events, four individuals have been arrested in connection with a massive cyber attack that crippled operations at major UK retailers Marks & Spencer (M&S), Co-op, and Harrods. The attack, which took place in April 2025, caused an estimated £440 million in damages and widespread disruption.

Illustration of a ransomware attack.

The Cyber Attack: A Retail Nightmare

The cyber assault, identified as a sophisticated ransomware attack, brought chaos to the targeted retailers. Reports indicate that the attack severely impacted supply chains, online services, and in-store operations. Co-op stores, in particular, faced significant stock shortages, leaving shelves empty and customers frustrated. Marks & Spencer reported a £300 million loss in profits due to the disruption.

Supply chain disruptions
Online service outages
In-store operational challenges

Arrests and the "Scattered Spider" Connection

The UK's National Crime Agency (NCA) apprehended the four suspects, aged between 17 and 20, in a series of coordinated raids. Security experts believe the individuals are linked to the notorious hacking collective known as "Scattered Spider." This group has been associated with numerous high-profile cyber attacks in recent years, often targeting large corporations with ransomware demands.

The arrests highlight the growing threat of cybercrime and the increasing sophistication of hacking groups. Law enforcement agencies are working tirelessly to combat these threats, but businesses must also take proactive steps to protect themselves.

Impact on Consumers

Beyond the financial losses suffered by the retailers, the cyber attack had a direct impact on consumers. Stock shortages, delayed deliveries, and compromised online services caused significant inconvenience and frustration. The incident also raises concerns about data security and the potential for personal information to be compromised in such attacks.

What's Next?

This incident serves as a stark reminder of the importance of robust cybersecurity measures. Businesses of all sizes must invest in protecting their systems and data from cyber threats. This includes implementing strong passwords, regularly updating software, and training employees to recognize phishing scams and other malicious activities. Consumers should also be vigilant about protecting their personal information online and reporting any suspicious activity to the authorities.

The investigation is ongoing, and more details are expected to emerge in the coming weeks. The successful apprehension of the suspects demonstrates the commitment of law enforcement agencies to tackling cybercrime and bringing perpetrators to justice.