Cyber attack on Harvey Nichols compromised customers' sensitive personal information

British luxury department store chain Harvey Nichols said it experienced a data security incident that compromised the sensitive personal information of its customers.

 

Recently, the Register reported that the retailer became a victim of a data security incident on September 16. As per the report, after it learned about the security incident, the retailer immediately launched an investigation and notified the Information Commissioner’s Office about the breach.

 

In a letter to its customers, Harvey Nichols said that their sensitive personal information, including names, addresses, phone numbers, company names, and email addresses were compromised during the incident.

The luxury department store has, however, confirmed that passwords and financial information were not accessed by the threat actors who infiltrated its systems.

 

“The issue that allowed the attack to succeed has now been closed so our system is once again fully secure, and we have engaged experts to ensure it remains so,” reads the letter sent to its customers.

 

Harvey Nichols said it found no evidence of the compromised information being misused, but has nevertheless advised all affected customers to remain vigilant and not succumb to scams.

 

“While no financial or password data has been exposed, you should be vigilant to the risk of fraudsters using your contact details (e.g. phone, email address) to attempt to get more sensitive information from you.

 

"In particular, you should look out for phishing emails or emails that look suspicious (e.g. emails you receive that you are not expecting). You should also keep an eye out for any fraudulent activity on all your accounts. If you receive suspicious SMS/texts, always forward them to 7726. No matter which mobile operator you use, this number is used in the UK to report spam,” the company added.

 

Harvey Nichols is yet to share details on who is behind the cyber attack, the nature of the same and how its systems were infiltrated. At the time of publication, no hacker group has claimed responsibility for the cyber attack on Harvey Nichols’ systems.