Three teenagers and a young woman have been arrested as part of an investigation into the Marks & Spencer, Co-op and Harrods cyber attacks.
The National Crime Agency (NCA) said four people were arrested early on Thursday morning in relation to the attacks, which happened earlier this year.
The arrests include three males – one aged 17 and the other two 19 – from the West Midlands and London, as well as a 20-year-old British woman from Staffordshire. All are British except for one Latvian male.
All were arrested on suspicion of blackmail, money laundering, offences linked to the Computer Misuse Act and participating in the activities of an organised crime group.
They were all arrested at their home addresses and remain in custody.
It comes after investigations by the NCA into attacks against the three retailers, where hackers sought ransom payments after breaking into their IT systems.
Paul Foster, head of the NCA’s cybercrime unit, said: “Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the agency’s highest priorities.
“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.”
It came days after M&S chair Archie Norman told MPs that two other “large British companies” have been impacted by unreported cyber attacks in recent months, as he detailed the “traumatic” attack on the historic retailer.
M&S was forced to suspend online operations in April after hackers targeted its systems.
The incident first caused problems for the retailer’s contactless payments and click and collect orders, while it has also impacted some availability in stores.
The incident led to the theft of personal customer data, potentially including names, email addresses, postal addresses, and dates of birth.
Last month, the retailer began to reinstate online sales, allowing customers in England, Scotland, and Wales to purchase a selection of its popular fashion ranges and new home products for delivery.
An M&S spokesperson said: “We welcome this development and thank the NCA for its diligent work on this incident.”
The retail giant was just one of a number of retailers and other firms to have been hit by a raft of cyber attacks striking the sector in recent months.
In May, a significant cyber attack impacted the Co-op’s stock availability, resulting in days of empty shelves for shoppers.
The attack also resulted in hackers stealing members’ personal data, including names and contact information.
Luxury department store Harrods also confirmed it had been affected by an attempted hack and temporarily restricted internet access across its sites as a precautionary measure.
