Harrods has warned online customers that their personal data may have been compromised in a cybersecurity breach. The luxury department store emphasised that only basic personal identifiers such as names and contact details were affected.
The breach occurred at a third-party provider's system rather than Harrods' website directly. No payment details or account passwords were stolen in the incident.
Third-party system targeted
A Harrods spokesperson said: "We have been notified by one of our third-party providers that some Harrods e-commerce customers' personal data has been taken from one of their systems. We have informed affected customers that the impacted personal data is limited to basic personal identifiers including name and contact details but does not include account passwords or payment details."
Customers were notified via email on Friday evening about the data theft. The third-party provider confirmed this was an isolated incident that has been contained.
Separate from May attack
This breach is completely unrelated to a cyberattack attempt on Harrods systems in May 2024. The spokesperson confirmed: "No Harrods system has been compromised and it is important to note that the data was taken from a third-party provider and is unconnected to attempts to gain unauthorised access to some Harrods systems earlier this year."
Only MyLondon reports that four suspects aged 17 to 20 were arrested in July by the National Crime Agency in connection with cyber attacks targeting Harrods, M&S, and Co-op. The arrests included charges related to blackmail and organised crime participation.
Growing retail vulnerability
The incident highlights escalating cybersecurity challenges facing major retailers and their technology partners. High street names including M&S, Co-op and Jaguar Land Rover have all suffered similar attacks recently.
According to the BBC, Jaguar Land Rover's production lines were halted until this week due to an August cyber attack. Richard Horne, chief executive of the National Cyber Security Centre, warns that cyber attackers are "refining their techniques" and causing "real world impact on real people."
Security experts describe third-party providers as potential "weak points" that hackers can exploit to access data across multiple organisations. These providers often have system access spanning various companies, making them attractive targets for cybercriminals seeking maximum impact.
Sources used: "Metro", "MyLondon", "BBC", "Mirror" Note: This article has been edited with the help of Artificial Intelligence.
