Arrests Made in High-Profile Cyber-Attack Investigation

Four people have been arrested by police investigating the cyber-attacks that have caused significant disruption at Marks & Spencer (M&S) and the Co-op. The National Crime Agency (NCA) says a 20-year-old woman was arrested in Staffordshire, while three males – aged between 17 and 19 – were detained in London and the West Midlands. They were apprehended on suspicion of Computer Misuse Act offences, blackmail, money laundering, and participating in the activities of an organised crime group.

The arrests are a significant step in the NCA’s investigation, which has been ongoing since the hacks began in mid-April. The attacks have caused huge disruption for the two retailers, with some Co-op shelves left bare for weeks and M&S expecting its operations to be affected until late July. The retailer has estimated it will cost £300m in lost profits.

According to the NCA, the hackers deployed malicious software called ransomware, scrambling M&S’s IT networks and making them unusable unless a ransom was paid. The hackers also stole a huge amount of private data belonging to customers and staff. The data breach is believed to be one of the largest in UK retail history, with millions of customers and staff affected.

The M&S hack was particularly severe, with the hackers sending an email to the company’s CEO demanding payment. The email was described as “offensive” and was seen as a clear attempt to intimidate the company. The hackers also deployed a type of ransomware known as “file-encrypting ransomware”, which encrypts files on a victim’s computer and demands a ransom in exchange for the decryption key.

The Co-op was also targeted, with the hackers stealing the private data of millions of its customers and staff. The Co-op was forced to admit that the data breach had happened after hackers contacted the BBC with proof that the firm was downplaying the cyber attack. The company was able to prevent further disruption by disconnecting its IT systems from the internet, but the incident highlights the severity of the threat posed by cybercrime.

The investigation has been a collaborative effort between the NCA and other law enforcement agencies, including the West Midlands Regional Organised Crime Unit and the East Midlands Special Operations Unit. Paul Foster, head of the NCA’s National Cyber Crime Unit, said the arrests were a “significant step” in the investigation, but added that the work continues to identify and bring those responsible to justice.

The chairman of M&S told MPs this week that the hack felt like an attempt to destroy the business. The company’s chairman also revealed that the hack had caused significant disruption to its operations, with some IT systems not fully operational until October or November. Harrods was also targeted in an attack that had less impact on its operations.

The NCA has said that it believes the hackers are young and from the US and UK. The agency has also warned that the threat of cybercrime is increasing, with more and more businesses falling victim to attacks. The arrests are seen as a major victory in the fight against cybercrime, and demonstrate the NCA’s commitment to protecting businesses and individuals from this growing threat.