Police Arrest Teenagers Over Cyberattacks Targeting Major UK Retailers

British police arrested four individuals on Thursday in connection with recent cyberattacks targeting major U.K. retailers Marks & Spencer, Co-op, and Harrods. Three of the suspects are teenagers and remain in custody for questioning.

According to the report published by the National Crime Agency (NCA), the four suspects—three males (two aged 19 and one aged 17), and one female aged 20—were arrested at their houses on multiple charges, including blackmail, money laundry, Computer Misuse Act offences, and participating in activities with a crime group.

“All four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis,” states the report. “They remain in custody for questioning by officers from the NCA’s National Cyber Crime Unit in relation to the three attacks, which took place in April this year.”

The cyberattacks were reported in May, after Co-op confirmed that hackers had stolen private data from over 20 million members. The hacking group DragonForce claimed responsibility, but experts suspect the cybercriminals were following orders from the criminal organization Scattered Spider. Similar attacks to the other two large retailers were also reported shortly after.

According to the New York Times, Marks & Spencer was the most heavily impacted, suffering an estimated $407 million in lost profit this year due to the attack.

The NCA had not confirmed if the four suspects arrested this week are affiliated with Scattered Spider, which is known for breaking into companies’ computer networks by using social engineering tricks to make people provide passwords and credentials.

In June, Google warned that the hacker group Scattered Spider had been targeting retailers in the United States using similar methods. The criminal organization has been developing sophisticated technologies this year to develop powerful malware and phishing kits.