A 21-year-old man has been arrested over a series of arson attacks, police have said, after a fire at a house owned by Prime Minister Sir Keir Starmer.

The suspect was arrested in the early hours of Tuesday on suspicion of arson with intent to endanger life, according to the Metropolitan Police.

He remains in custody.

Emergency services were called to fires at the doors of two homes in north London within 24 hours of each other – one just after 1.35am on Monday in Kentish Town and the other on Sunday in Islington. Both properties are linked to Sir Keir.

Detectives were also checking a vehicle fire last Thursday on the same street as the Kentish Town property to see whether it is connected.

Part of the area was cordoned off as police and London Fire Brigade (LFB) investigators examined the scene.

Neighbours described hearing a loud bang and said police officers were looking for a projectile.

The prime minister is understood to still own the home, which was damaged by fire on Monday, but nobody was hurt. Pictures showed scorching at the entrance to the property.

Sir Keir used to live there before he and his family moved into 10 Downing Street after Labour won last year’s general election. It is believed the property is being rented out.

In the early hours of Sunday, firefighters dealt with a small fire at the front door of a house converted into flats in nearby Islington, which is also linked to the prime minister.

In a statement, police said: “As a precaution and due to the property having previous connections with a high-profile public figure, officers from the Met’s Counter Terrorism Command are leading the investigation into this fire.

“Enquiries are ongoing to establish what caused it. All three fires are being treated as suspicious at this time, and enquiries remain ongoing.”

Read more from Sky News:
QR codes linked to online drugs
Could UK get US-style ‘supermax’ jails?
Report: IS fighters in UK must face justice

The prime minister’s official spokesman said: “I can only say that the prime minister thanks the emergency services for their work and it is subject to a live investigation. So I can’t comment any further.”

Kemi Badenoch has condemned the suspected arson attacks.

Writing on X, the Conservative leader said: “This is a shocking incident. My thoughts are with the prime minister and his family. No one should face these sorts of threats, let alone people in public service.

“It’s an attack on our democracy and must never be tolerated.”

Shadow justice secretary Robert Jenrick told Sky News on Tuesday: “It’s important that the prime minister and anyone in public life has their family, their homes, protected.

“It is absolutely wrong, disgraceful, for any individual to take the kind of action that we saw against the prime minister’s home.”

Marks & Spencer has revealed customers’ personal data has been taken by hackers after it was hit by a damaging cyber attack.

The retail giant’s chief executive Stuart Machin said the data had been accessed due to the “sophisticated nature of the incident” but stressed that this does not include “usable payment or card details, which we do not hold on our systems”.

There is also no evidence that account passwords have been shared, according to the statement.

M&S did not say how many customers had been affected but in a social media post, Mr Machin said there is “no need for customers to take any action”.

“To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online,” he said.

M&S had 9.4 million active online customers in the year to 30 March, according to its last full-year results.

A cybersecurity expert told Sky News, however, that the lack of sensitive data being shared “does not mean that customers are not at risk”.

“With simple data such as names, email addresses, and potentially other personal details like addresses or phone numbers, which have been reported as accessed, attackers can use this information to create highly targeted and convincing phishing emails or text messages,” said Tim Grieveson, CSO at ThingsRecon.

“These emails from attackers can appear very legitimate because they use real personal information.”

He added that stolen personal data can be used “as pieces of a puzzle by fraudsters”.

“For example, if an attacker has your name and address, they might combine it with other publicly available information to attempt to open accounts or conduct other fraudulent activities.”

M&S has been struggling for weeks after hackers, reportedly from the Scattered Spider group, attacked their networks.

The British retailer was forced to halt recruitment amid the ongoing attack that became apparent on Easter Monday.

Shelves around the country have been bare and customers are unable to shop online.

Read more from Sky News:
QR codes linked to online drugs
Could UK get US-style ‘supermax’ jails?
Report: IS fighters in UK must face justice

Agency staff at some distribution centres were also told to stay at home because of the attack.

Last week, an M&S insider told Sky News it could be “months” before the retailer fully recovers from an ongoing, severe cyber attack – and that the company had no plan for such an incident.

An employee at M&S’s head office, who spoke to Sky News on condition of anonymity, said that last week had been “just pure chaos”.

“We didn’t have any business continuity plan [for this], we didn’t have a cyber attack plan,” the source said.

“In general, it’s lots of stress. People have not been sleeping, people have spent their weekends working, people sleeping in the office – just reactive response.”

The Co-op also faced a similar major incident and was forced to apologise after hackers managed to access the data of a “significant number” of past and current members.

In the same week, luxury department store Harrods also suffered an attempted hack and temporarily restricted internet access across its sites as a precautionary measure.

The National Crime Agency has said it is investigating the attacks individually but is “mindful they may be linked”.

Steve first spotted the eye-catching stickers while walking to the shops in Burton upon Trent. Plastered on bins and lamp posts, they featured a shiny, green cannabis leaf with a QR code and the words “get your delivery”.

The former prison officer, who is in his 50s, wanted to try the Class B drug as an alternative to prescribed opiates to ease his pain after breaking his back in three places.

He had only recently moved to the Staffordshire market town and was reluctant to buy off the street. “I didn’t want to just tap up some roadman,” he says.

Using his smartphone camera, he was taken to a slick, colourful site on the open web offering a wide range of cannabis products – from vapes and tinctures to pre-rolled joints, buds and gummies.

Just like legitimate online shops, it promised free delivery to arrive the next day and had glowing reviews on Google and Trustpilot.

Steve (not his real name) went on to order products including vapes and herbal cannabis.

“The first time I was shaking… when the postman came down the path – the package absolutely stank,” he says.

“It’s letterbox shaped so you don’t get a knock. The postman shoves it through your door and that’s it – job done.”

(Watch a video demonstration of how the QR codes work)

Similar stickers have been reported across the UK, from cities such as Birmingham, Glasgow and London, to smaller towns including Shrewsbury, in Shropshire, and Droitwich, in Worcestershire. There have also been sightings in South Wales.

Some have appeared near schools, universities and police stations.

Hidden gang network

A Sky News investigation has identified three different sticker designs, each of which directs users to separate, but linked, websites (which we are not naming), with their own branding.

Hidden in their source code is a long list of bank accounts and business names which are randomly selected when users make a purchase.

Using publicly available tools, we were able to build a network map of the businesses involved, the people behind them and how they are linked.

All are Lithuanian nationals, mostly registered to addresses in a small area of east London, one of which is linked to an alleged gangster found guilty of kidnap and torture in Lithuania.

Royal Mail tracking details also suggest the operation is based in this area as the packages passed through Romford’s mail centre.

An analysis of Bitcoin wallets – carried out by TRM Labs – shows one of the sites had received around $109,000 (£82,000) by mid-March, although the true income is likely to be far higher as more buyers use regular bank transfers than cryptocurrency.

When we visited a woman who owns two of the houses associated with the bank accounts, she said she had never heard of the website and had no idea a criminal enterprise may be being run from her properties.

She also said three Lithuanian nationals we identified as being connected with the site had left the UK.

Former head of drugs threat and intelligence for the National Crime Agency (NCA), Tony Saggers, says the scale of the operation suggests those behind it have access to wholesale quantities of cannabis, which has probably been grown in the UK.

It also demonstrates the “evolution of online drug markets” from the dark web to open websites, “making them more accessible to the wider population”, he tells Sky News.

Ben (not his real name), a student in his early 20s, scanned a QR code sticker out of “genuine curiosity” after spotting it on a telecoms cabinet near the University of York.

He’d never bought or used drugs before but says he “had a moment of free will and the risk of losing money was minimal so I tried it”.

“Perhaps it’s something to do with the website, it’s like you are buying a professional regulated product so that made me worry less.”

A £10 pre-rolled joint arrived by Royal Mail first class post in “branded packaging and looked clean and professional”.

However, he says he didn’t enjoy smoking it and for his “mental health” hasn’t bought any more.

‘Russian roulette’

Dr Simon Erridge, research director at Curaleaf Clinic, where specialist doctors can legally prescribe medical cannabis, says people like Steve and Ben are playing “Russian roulette”.

The clinic has run a campaign using its own QR code stickers, which direct people to results from its study with Manchester Metropolitan University.

It found 90% of 60 illegal cannabis samples seized by the Greater Manchester and Northumbria police forces were contaminated with mould, yeast, lead, E.coli or salmonella.

An analysis of WEDINOS data, a service that tests drugs sent in by users, found 43% of the 1,635 samples bought as cannabis contained no compounds naturally derived from the plant.

Some 38% contained harmful substances, with 27% containing synthetic chemicals such as spice, a drug which is popular in prisons and that can cause dangerous side effects including cardiac arrest.

The clinic’s research also shows consumer habits are changing.

A survey of 500 cannabis users last year found that while street dealers are still the most common source (45%), just above friends and family (44%), more people are buying online.

Some 7% said they had engaged with QR codes, while the use of websites offering illegal cannabis products almost doubled from 6% in 2022 to around one in ten (11%) in 2024.

The trend is even more pronounced among young adults, with 15% of 18-24-year-olds buying cannabis online.

Sarah (not her real name), a professional in her 40s, says “buying on the streets isn’t an option for me”. She has bought fake cannabis vapes through Instagram in the past.

But she says tests confirmed THC was present in a vape she bought through one of the websites.

It’s illegal to possess and sell products containing THC without a prescription, but Sarah says she’s more worried about losing money if the package gets intercepted.

“I don’t think the police would do much anyway,” she says.

What are police doing about it?

Supply can carry a maximum 14-year prison sentence, with five years for possession, although those caught with a small amount of cannabis are often dealt with by way of a warning or on-the-spot fine.

Police are aware QR code stickers are being used to sell drugs and see it as part of the evolution of how criminals have adopted technology.

They believe they could be used as evidence in future prosecutions, although none of the forces we contacted, where the issue has been reported, were able to point to any arrests.

Derbyshire Police says officers are on the look-out for stickers and will remove them when out on patrol but have not yet been able to identify the people responsible.

Detective Constable Matt Pedrick, from West Mercia Police, another area where the stickers have been reported, says any website advertising the sale of cannabis “is probably based outside the UK”.

“We remove the stickers when we find them, and would advise anyone to steer clear of these websites and to remember that drugs laws apply to all drugs regardless of where they are purchased.”

Police also believe the stickers aren’t just a matter for their officers and want councils, businesses and transport companies to remove them – and for postal services to ensure they’re not inadvertently helping supply drugs.

Read more from Sky News:
Driver who used car to murder e-bike rider is jailed
Crossbow attack suspect died from self-inflicted gunshot

Ex-NCA officer Tony Saggers says the brazen nature of the operation suggests those behind it are “laughing in the face of law enforcement” but doesn’t think it represents decriminalisation by the back door.

He says the combination of an online marketplace and a drug that’s a lower priority for police “make it easier for some people to get away with that for periods of time”.

“But I wouldn’t ever suggest that they’re always going to get away with it because people’s time does come round,” he says.

“And if a site that’s doing well and selling high volumes and increasingly high volumes continues to be successful, they’re more likely to attract attention.”

We contacted the NCA about our findings.

“Many organised crime groups selling drugs use social media and communication platforms to promote and sell their illicit produce,” it said in a statement.

“The NCA is working with partners across law enforcement and government to tackle drug trafficking.”

It suggested we contact the Metropolitan Police and Ofcom, which regulates the postal service.

The Met pointed us to the National Police Chiefs’ Council (NPCC) because “the website covers the UK”, but the NPCC would not provide a comment on the record.