Luxury retailer Harrods has confirmed it was targeted by hackers who compromised approximately 430,000 customer records in a recent IT security breach.
According to Harrods, the company will not engage with the “threat actor(s).” The data, obtained from a third-party vendor, was reportedly limited to basic customer information, excluding sensitive details such as passwords and payment credentials.
“Our priority is to inform and support our customers. We have notified all relevant authorities and are fully cooperating with their investigations,” a Harrods spokesperson stated.
Given that the majority of Harrods’ clientele primarily shop in physical stores, it is understood that only a relatively small segment of its customer base was affected by the data breach.
Harrods has not disclosed the specific demands or nature of the communications from the hackers.
The compromised data included basic personal identifiers, such as names and contact information, if provided by the customer.
The stolen information also encompassed marketing preferences, loyalty card details, and affiliations with partner companies, including Harrods co-branded cards. The spokesperson added that such data is “unlikely to be interpreted accurately by an unauthorised third party.”
“We want to emphasize that no payment details or order history information was accessed, and the compromised personal data is limited to basic personal identifiers as previously stated,” the spokesperson clarified.
Harrods also confirmed that this recent data breach is unrelated to previous attempts to infiltrate its systems earlier in the year.
The department store initially disclosed the breach to its customers via email on Friday.
This incident is part of a growing trend of cyber-attacks targeting major UK businesses this year.
In May, Harrods took precautionary measures by restricting internet access across its sites following an attempt to gain unauthorized access to its systems.
A hacking group that claimed responsibility for that incident also asserted responsibility for attacks on M&S and Co-op. Four individuals were subsequently arrested in July in connection with those cyber intrusions.
Co-op, which revealed in July that the data of all 6.5 million of its members had been compromised, reported this week that the cyber-attack resulted in £206 million in lost sales.
M&S, which experienced months of disruptions to its online services, estimated in May that the cyber-attack would reduce its profits by £300 million.
Car manufacturer Jaguar Land Rover is still working to restore its IT systems and resume production following a cyber-attack in late August. The incident has significantly impacted the company and its supply chain, leading to the government’s agreement to underwrite a £1.5 billion loan guarantee to JLR to support its suppliers.
Ministers are hopeful that the loan, provided by a commercial bank and backed by the government, will provide stability to suppliers.
The perpetrators have threatened to release an additional 30 profiles, along with data from 100 employees, if a ransom is not paid.
Experts have characterized the cyber-attack as an “absolute new low” in cyber-crime.
There are growing concerns that some of the carmaker’s suppliers could face financial collapse without support.
The retailer’s IT networks were breached by hackers in April, resulting in payment issues and shortages of goods in stores.