
Luxury department store Harrods is warning online customers of a data breach stemming from a compromised third-party service provider, resulting in the exposure of personal information tied to over 430,000 records.
The breach was disclosed to affected customers via an email sent on Friday evening. Harrods emphasized that the incident was isolated to the external vendor’s systems and confirmed that no payment information, passwords, or order histories were involved. The exposed data includes full names and contact details, typically email addresses and phone numbers.
While Harrods has not named the vendor responsible for the breach, the company stated that it is cooperating closely with the provider and relevant authorities. The incident has been contained, according to internal investigations, and there is currently no indication of continued unauthorized access. Harrods’ own systems were not impacted, and the firm clarified that this breach is unrelated to a previous cyber incident in May, which led to a temporary internet shutdown across its sites.
Founded in 1849 and headquartered in London, Harrods operates one of the world’s most iconic department stores and runs a high-traffic e-commerce platform offering luxury goods to an international clientele. Its customer base is often targeted by cybercriminals because of the high-value nature of its transactions and clientele.
The cyber threat landscape has been particularly volatile in the UK retail and logistics sectors this year. A loosely affiliated group of hackers previously claimed responsibility for attempted breaches at Harrods, as well as successful intrusions into Marks & Spencer and the Co-op. In July, four individuals aged 17 to 20 were arrested by the National Crime Agency in connection with these attacks. A separate group disrupted Jaguar Land Rover’s global production in August, showcasing the growing operational impact of cybercrime across industries.
At present, it remains unclear whether the 430,000 exposed records correspond to individual customer accounts or include duplicate entries such as multiple addresses or contact methods tied to single users.
While no financial data was stolen, users should remain vigilant against phishing emails or unsolicited communications that appear to reference Harrods. Avoid clicking on suspicious links or downloading attachments from unknown senders.
Harrods has informed the Information Commissioner’s Office (ICO) and other relevant regulatory bodies as part of its breach disclosure obligations. Further updates may follow depending on the outcome of ongoing investigations.