Harrods Suffers Data Breach: Customer Information Compromised in Latest Retail Cybersecurity Incident

Harrods warned customers that their personal data may have been taken in a breach of its online systems

Harrods, the prestigious luxury British department store, has alerted certain customers that their personal information may have been compromised following a cybersecurity breach affecting its online systems.

The luxury retailer disclosed late Friday that basic personal identifiers, including names and contact details of online customers, were accessed after a security compromise involving one of their third-party provider systems.

"We have informed affected customers that the impacted personal data is limited to basic personal identifiers including name and contact details, but does not include account passwords or payment details," stated the company in an official release.

Harrods further emphasized that the incident was "isolated" and has been successfully contained, though specific details about the breach were not provided.

The company clarified that this data breach is unrelated to a previous incident in May, when Harrods implemented restrictions on internet access across its locations as a precautionary measure following an attempted unauthorized system access.

In July, authorities arrested four individuals suspected of involvement in cyberattacks targeting Harrods and other major British retail chains including Marks & Spencer and the Co-op. These suspects were released on bail as investigations continue.

This incident adds to a growing series of cyberattacks affecting prominent British businesses in recent months.

Just last week, Jaguar Land Rover, Britain's largest automaker, announced that its production lines will remain non-operational until at least October 1, following a cyberattack that occurred in August.

Additionally, on Friday, the BBC and other British media outlets reported that hackers had stolen information about thousands of children from Kido, a London-based nursery chain, and published some children's photos and personal details on the darknet.

The Metropolitan Police force confirmed that investigations regarding "a ransomware attack on a London-based organization" are ongoing, with no arrests made thus far.