Four people have been arrested in the UK as part of a National Crime Agency investigation into cyber attacks targeting M&S, Co-op and Harrods.

Two men aged 19, another aged 17, and a 20-year-old woman were apprehended in the West Midlands and London yesterday on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.

The four remain in custody for questioning by officers from the NCA's National Cyber Crime Unit in relation to all three attacks, which took place in April this year.

Deputy director Paul Foster, head of the NCA's National Cyber Crime Unit, said the investigation was one of the agency’s highest priorities.

"Today's arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice,” he added. "Cyber attacks can be hugely disruptive for businesses and I'd like to thank M&S, Co-op and Harrods for their support to our investigations. Hopefully this signals to future victims the importance of seeking support and engaging with law enforcement as part of the reporting process. The NCA and policing are here to help."

The Cyber Monitoring Centre last month categorised the disruption to M&S and Co-op specifically as a Category 2 systemic event. In its first live public assessment of a cyber incident's financial impact in the UK, the CMC estimated the ransomware attack on the two retailers and associated parties cost somewhere between £270m and £440m.

Bearing the brunt of the incident, the online operations of M&S were suspended for nearly seven weeks.

---