Police Probe Hacking Gang Over Retail Attacks

National Crime Agency confirms it is investigating English-speaking gang Scattered Spider over hacks of M&S, Co-op, Harrods

British authorities have confirmed they are investigating the potential involvement of hacking group Scattered Spider in hacks on UK retailers in recent weeks, as Marks & Spencer said the hack on its systems had been carried out via one of its third-party contractors.

The retailer did not name the contractor, but it is understood to be India-based Tata Consultancy Services (TCS), which has worked with M&S for more than a decade operating its IT help desk.

Scattered Spider, believed to be made up of mostly English-speaking young men and teens in the UK and the US, has in the past used social engineering techniques such as calling up IT help desks and tricking an engineer into clicking on a link or resetting someone’s account to a known password.

Scattered Spider

Paul Foster, head of the National Crime Agency’s cyber-crime unit, told the BBC that the NCA is looking at Scattered Spider but was following up a “range of different hypotheses”.

He said the group is largely English-speaking but that “doesn’t necessarily mean that they’re in the UK”.

The group, also known as Octo Tempest, Muddled Libra and other monikers assigned by various security groups, has been linked to the hack of MGM and Caesars casinos in 2023 and Transport for London last year.

TCS is investigating internally whether it was used as the means to hack M&S and expects to conclude its probe this month, the Financial Times reported.

Security researchers have previously pointed out similarities between the casino hacks and the retail disruption, making it likely Scattered Spider is involved in both.

As with the retail hacks, which have led M&S to shut down its online sales and have led to empty shelves at Co-op stores, the casino hacks resulted in significant disruption at resorts, with some floors of casinos shut down and guests left unable to access their rooms via keycards.

Scattered Spider is believed to have worked with a Russian-speaking hacking group for hire known as AlphV in 2023, and with a different group this year.

The English-speaking portion of the gang has been known for the use of social engineering techniques as well as threats of physical violence.

Arrests

Police have arrested several people allegedly part of Scattered Spider, including two Americans and two British men.

The alleged leader of Scattered Spider, UK citizen Tyler Buchanan, was arrested in Spain in June 2024 while attempting to board a flight to Italy, with Spanish police alleging he had in his possession Bitcoin worth $27m.

Noah Michael Urban was arrested in Florida in 2024 for the cumulative theft of about $800,000 in cryptocurrency.

West Midlands Police aided the FBI in the arrest of a 17-year-old juvenile in Walsall in July of last year in connection with the casino hacks.

Remington Ogletree, 19, was arrested in California in November of 2024 on charges related to his alleged involvement in the group.