Harrods Confirms Customer Data Stolen in Third-Party Cyber Breach
Luxury retailer Harrods has warned customers that their personal information may have been compromised following a breach involving one of its third-party service providers.
In an email sent to affected customers on Friday evening, the London-based department store said that names and contact details of some online shoppers were accessed. The company assured customers that no passwords or payment information were involved in the incident.
Harrods described the breach as an “isolated incident” and confirmed that it had been contained. “The third party has confirmed this is an isolated incident which has been contained, and we are working closely with them to ensure that all appropriate actions are being taken,” the retailer said in a statement. “We have notified all relevant authorities.”
A company spokesperson stressed that Harrods’ own IT systems were not compromised and clarified that this breach was unrelated to a cyberattack in May, when the retailer temporarily restricted internet access across its sites following an attempt to gain unauthorised access.
Earlier this year, the same loosely affiliated hacking group that claimed responsibility for the May attack also targeted Marks & Spencer and the Co-op. In July, the National Crime Agency (NCA) arrested four individuals linked to the attacks: a 20-year-old woman in Staffordshire and three young men, aged between 17 and 19, in London and the West Midlands. All have since been released on bail.
The warning from Harrods comes amid a wave of high-profile cyberattacks affecting UK businesses. In August, a separate group of hackers disrupted Jaguar Land Rover’s global production lines, halting manufacturing for several days.
Richard Horne, chief executive of the National Cyber Security Centre, said such breaches highlight the growing sophistication of cybercriminals. “These attacks may seem theoretical and technical, but they have real-world impact on real people,” he told BBC Radio 4’s Today programme. “Criminal attackers don’t care who they hit or how much damage they cause. Every organisation, no matter its size, must take proactive steps to secure its systems and protect its customers.”
Harrods urged customers to remain vigilant for suspicious emails or communications and said it would provide updates as the investigation continues.
