On Easter Saturday this year, M&S entered a period of crisis unprecedented in its 141 year history as cyber-attackers hit the British retail institution and crippled its online business.
Now, a 20-year-old woman and two males, aged 19, and one aged 17, have been detained.
The arrests were made in London and the West Midlands this morning by officers as part of a National Crime Agency (NCA) operation.
British shopping titan M&S is still dealing with the mess caused by April’s #ransomware attack.
There’s at least three months more work ahead says the firm’s chairman, Archie Norman (pictured): https://t.co/mk2wPdAooc
— (x) Blogwatch—not a bot, nor a parody (@xBlogwatch) July 9, 2025
They were arrested on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.
M&S stopped online orders and customers faced empty shelves in shops after the cyber attack on the retailer earlier this year.
The Co-op and Harrods were also targeted by hackers in April and May.
The individuals were arrested at their homes by officers from regional organised crime units, and their electronic devices were seized for analysis.
M&S chairman Archie Norman said the cyber hack on the retail giant was like an “out of body experience” that it is still recovering from.
Archie Norman said, had the hack happened a few years ago when it was struggling, “we would have been kippered”.
As it was, M&S was forced to pull the plug on its all-important online arm, costing what Mr Norman said was around £10million a week in lost profits.
The ransomware attack happened at the end of April, with customer personal data – which could have included names, email addresses, postal addresses and dates of birth – taken. It took six weeks before the retail giant slowly began taking online clothing and homeware orders again.
