In particular, Harrods faced severe issues in May, with restricted online access impacting order processing, while Co-op experienced its second breach in 2025, after an earlier attack by the group DragonForce.

The suspects' electronic devices have been seized for forensic analysis, and ongoing investigations aim to identify the full scope of the cybercriminal network.

Recently, four young individuals linked to organized cybercrime activities have been arrested by the National Crime Agency in connection with cyberattacks on major UK retailers including Marks & Spencer, Co-op, and Harrods, which caused significant operational disruptions.

The cybercrime group behind these attacks, known as Scattered Spider, is notorious for its social engineering tactics, such as impersonation and phishing, which target industries by tricking help desks and call centers.

This group has a history of high-profile breaches, including a 2023 attack on Caesars Entertainment, and employs persistent strategies like setting up fake login domains to breach organizations.

Authorities advise victims of cybercrime to report incidents via the Government's Cyber Incident Signposting Site to facilitate response and recovery.

Notably, cybercriminals like Jubair have been involved in multiple breaches, including repeated attacks on T-Mobile and fraudulent data requests to social media and email providers.

These incidents are part of a broader wave of organized cyberattacks causing widespread disruption and financial damage across the UK retail sector.

The recent arrests mark a significant breakthrough in combating organized cybercrime, especially targeting groups like Scattered Spider, which recruits young, tech-savvy individuals from online gaming communities.

Experts emphasize the importance of international cooperation in law enforcement efforts to dismantle these cybercrime networks and prevent further attacks.

While some companies like Harrods managed to mitigate damage by disconnecting systems, others like Co-op had to shut down parts of their networks to prevent ransomware deployment, highlighting the ongoing vulnerabilities.

These cyberattacks involved blackmail, data breaches, and ransomware, leading to substantial financial losses and operational challenges for the targeted companies.