Four individuals under the age of 21 have been arrested in connection with a series of cyberattacks that disrupted the operations of major UK retailers including Marks & Spencer, the Co-op, and Harrods, the National Crime Agency (NCA) confirmed on Thursday. Reports Technology News
The most severe of the attacks targeted Marks & Spencer in April, forcing the iconic British retailer to suspend its online clothing sales for nearly seven weeks. The incident dealt a significant financial blow, with losses estimated at around £300 million ($400 million) in operating profit.
According to the NCA, those arrested include two 19-year-old males, a 17-year-old male, and a 20-year-old woman. They were detained in the West Midlands and London on suspicion of offences including breaches of the Computer Misuse Act, blackmail, money laundering, and involvement in organised crime.
M&S Chairman Archie Norman revealed on Tuesday that the company had been in contact with the US Federal Bureau of Investigation (FBI) regarding the cyberattack. He suggested that “loosely aligned parties” had coordinated the assault under the suspected direction of a group known as DragonForce.
Norman also called for stronger legal requirements, stating that UK businesses should be obliged to report major cyberattacks. He claimed that two recent significant incidents affecting large UK companies had not been publicly disclosed.
M&S resumed online clothing orders on June 10 following a 46-day shutdown. However, click-and-collect services remain offline. Last week, CEO Stuart Machin told shareholders the retailer expects to recover from the worst of the disruption by August.
