In late September 2025, Harrods, the renowned luxury department store in London’s Knightsbridge, disclosed a significant data breach impacting around 430,000 of its e-commerce customers. The breach occurred when a third-party provider’s system was compromised, leading to the unauthorized access of personal information. Harrods promptly informed affected customers, emphasizing that the compromised data was limited to basic personal identifiers—names and contact details—and did not include account passwords or payment information. (itv.com)
The breach was swiftly contained, and Harrods collaborated closely with the third-party provider to implement necessary security measures. The company also notified all relevant authorities to ensure transparency and compliance with data protection regulations. Notably, Harrods clarified that this incident was isolated and unconnected to previous unauthorized access attempts reported earlier in the year. (news.sky.com)
Despite receiving communications from the threat actor, Harrods has chosen not to engage with them, underscoring its commitment to not negotiating with cybercriminals. This decision aligns with the retailer’s stance on maintaining the integrity of its operations and protecting customer trust. (itv.com)
The breach has raised concerns about the security practices of third-party providers and the potential risks they pose to businesses and their customers. Harrods has reassured its clientele that no internal systems were compromised, and the incident remains unconnected to earlier unauthorized access attempts reported in May. (independent.co.uk)
In response to the breach, Harrods has directed affected customers to a dedicated helpline and online support portal. The retailer has also provided guidance on best practices for safeguarding personal information, despite affirming that no account passwords or payment card data were compromised. (cyberpress.org)
This incident underscores the growing threat of cyberattacks targeting retailers and the importance of robust cybersecurity measures. It also highlights the need for businesses to maintain vigilant monitoring of their third-party providers to mitigate potential risks. (techradar.com)
As the investigation continues, Harrods remains committed to supporting its customers and enhancing its security protocols to prevent future incidents.
Harrods not negotiating with cybercriminals? Good for them. Makes you wonder if they offered a Green Man discount code, would the outcome be different? Maybe data breaches are just the cost of luxury these days?