The British police arrested four people, including three teenagers, on Thursday in connection with an April cyberattack that cost the retail giant Marks & Spencer millions of pounds and disrupted operations at Harrods and Co-op.
Three males, two aged 19 and another aged 17, and one female, 20, were apprehended at their homes in the West Midlands and in London on Thursday morning, the authorities said. All four people remain in custody, arrested on suspicion of Computer Misuse Act offenses, blackmail, money laundering and participating in an organized crime group, according to a statement by Britain’s National Crime Agency. Electronic devices were seized as part of the investigation.
“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the U.K. and overseas, to ensure those responsible are identified and brought to justice,” said Paul Foster, the head of the national cybercrime unit, in a statement.
Among the three retailers, Marks & Spencer, one of Britain’s largest, was hit hardest and was forced to pause online orders for months. The company said in May that the “highly sophisticated” attack cost it about 300 million pounds ($407 million) in lost profits this year. The attack also forced staff to use manual processes and caused food waste to pile up. Some customer data was also stolen in the attack.
Marks & Spencer said that the breach was the result of human error. The hackers had gained access to the company’s systems through social engineering tricks via a third-party supplier, the company said.
Harrods experienced brief disruptions, restricting internet access at its sites as a security measure, and Co-op reported that the cyberattack disrupted some back office and call center services.
The National Crime Agency did not respond to questions about whether the four individuals were linked to Scattered Spider, a hacker group that was being investigated in connection with the Marks & Spencer attack. The group is known for social engineering campaigns in which it tricks people into providing passwords or other credentials to break into a company’s computer network.
Jenny Gross is a reporter for The Times covering breaking news and other topics.
The post 3 Teenagers Arrested Over Cyberattacks That Cost U.K. Retailers Millions appeared first on New York Times.