By James Davey and Sam Tabahriti
LONDON (Reuters) -Four people under 21 have been arrested as part of a police investigation into cyberattacks that disrupted the operations of UK retailers Marks & Spencer, the Co-op and Harrods, Britain’s National Crime Agency said on Thursday.
April’s ransomware attack on M&S, one of the best known names in British business, was the most serious, forcing it to suspend online clothing shopping for nearly seven weeks and costing it about 300 million pounds ($400 million) in operating profit.
The NCA said males aged 19, 19 and 17 and a 20-year-old woman had been detained in the English West Midlands and London on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in organised crime.
All were arrested at home, had their electronic devices seized, and were being questioned by the NCA’s National Cyber Crime Unit.
On Tuesday, M&S Chairman Archie Norman told lawmakers the retailer had been in contact with the U.S.
FBI over the cyberattack.
He said “loosely aligned parties” had worked together under the suspected leadership of a group known as DragonForce.
Norman said British businesses should be legally required to report material cyberattacks, alleging that two recent major attacks on large UK firms had gone unreported.
M&S resumed taking online orders for clothing lines on June 10 after a 46-day suspension but is yet to restore click-and-collect services.
Last week, CEO Stuart Machin told investors the group would be over the worst of the fallout by August.
(Reporting by James Davey and Sam Tabahriti; editing by William James and Kevin Liffey)
