Harrods has notified certain customers that their personal data may have been compromised due to an IT breach involving one of its third-party providers. The luxury department store, located in Knightsbridge, London, reported that information taken includes names and contact details of its e-commerce customers.
In a statement, Harrods confirmed that the affected data is limited to basic personal identifiers and does not include account passwords or payment details. The store emphasized that the incident has been isolated and contained, and indicated that they are collaborating with the third party to address the issue. Relevant authorities have also been informed.
In May, Harrods had restricted internet access across its systems following a separate attempt to infiltrate its networks. A spokesperson clarified that no Harrods system was compromised and indicated that the current situation is unconnected to earlier unauthorized access attempts.
Additionally, in July, four individuals were arrested on suspicion of involvement in a series of cyber-attacks against multiple organizations, including Marks & Spencer and the Co-op, as well as Harrods. The arrests included two men aged 19, a 17-year-old boy, and a 20-year-old woman, all of whom have been released on bail pending further inquiries.
Marks & Spencer experienced significant disruptions earlier this year, with an attack in April leading to the closure of its online store for nearly seven weeks, while the Co-op also had to shut down parts of its IT system around the same time. The interconnectedness of these cyber incidents raises questions about the overall security practices across the retail sector.
Source: https://www.theguardian.com/business/2025/sep/26/harrods-warns-customers-their-data-may-have-been-stolen-in-it-breach