In a surprising turn of events, the recent cyber attack on Marks and Spencer (M&S) has revealed that the culprits were not the stereotypical hackers one might imagine. Instead of seasoned cybercriminals, the individuals behind this significant breach were a 20-year-old woman and three teenagers, aged 17 and 19. This revelation has shocked many and highlighted the evolving nature of cybercrime.
The Cyber Attack
Earlier this year, Marks and Spencer experienced a substantial cyber attack that led to the theft of personal customer data, including telephone numbers, home addresses, dates of birth, and online order histories. The attack caused significant disruption to M&S’s online services, resulting in financial losses and a decline in customer trust.
The Arrests
On July 10, 2025, the UK’s National Crime Agency (NCA) arrested four individuals in connection with the M&S hack. These arrests were part of a coordinated operation involving regional organised crime units. The authorities detained a 20-year-old woman and three teenagers on suspicion of offences under the Computer Misuse Act, blackmail, money laundering, and participating in the activities of an organised crime group. They also seized the suspects’ electronic devices for further analysis.
The Hacker Group: Scattered Spider
The cyber attack on M&S has been linked to a notorious hacker collective known as Scattered Spider. This group is infamous for launching sophisticated social engineering attacks to obtain usernames, login credentials, and multi-factor authentication (MFA) tokens. In 2025, Scattered Spider targeted several high-profile brands, including Klaviyo, HubSpot, Pure Storage, and many others.
Breaking Stereotypes
The arrests have shattered the common stereotype of hackers as shadowy figures operating from dark basements. Instead, the individuals involved were young and seemingly ordinary. This case underscores the fact that cybercrime can be perpetrated by anyone with the right skills and motivations, regardless of age or background.
Impact on Other Retailers
Marks and Spencer was not the only retailer affected by these cyber attacks. The Co-op and Harrods also fell victim to similar attacks, resulting in the theft of customer information and significant operational disruptions. These incidents underscore the growing threat of cybercrime and the urgent need for robust cybersecurity measures to protect sensitive data.
Staying Safe as a Consumer
In light of these recent data breaches, it is crucial for consumers to stay vigilant and protect themselves from potential scams and fraud. Here are some useful tips:
Use a Password Manager: A password manager can help you create and store strong, unique passwords for each of your online accounts, reducing the risk of password-related breaches.
>Enable Two-Factor or Multi-Factor Authentication (2FA/MFA): Adding an extra layer of security to your accounts can significantly reduce the risk of unauthorized access.
>Implement Dark Web Monitoring: Dark web monitoring services can alert you if your personal information is found on the dark web, allowing you to take immediate action to protect your identity.
Monitor Financial Statements and Credit Reports: Regularly check your financial statements and credit reports for any suspicious activity.
>Be Cautious of Phishing Attempts: Be wary of emails, calls, or texts claiming to be from legitimate companies asking for personal information. Always verify the source before providing any details.
Conclusion
The arrests made in connection with the Marks and Spencer hack mark a significant step forward in the fight against cybercrime. However, these incidents highlight the ongoing challenges. Also the importance of staying vigilant and adopting robust cybersecurity practices. By taking proactive measures, both businesses and consumers can better protect themselves against the ever-evolving threat of cyber attacks.
