Harrods Confirms Major Data Breach Affecting 430,000 Customers’ Personal Information

U.K retail giant Harrods said it suffered a significant data security incident that compromised the sensitive personal details of 430,000 customers.

 

Harrods, an iconic London-based luxury department store with a long-standing heritage, operates a comprehensive and fully integrated e-commerce platform that caters to a global customer base.

 

In a recent statement shared with the media, Harrods said that a third-party service provider responsible for maintaining its customer data experienced a significant data security incident, resulting in the compromise of sensitive personal information belonging to its customers.

 

In an email sent to its customers, Harrods described the breach as an “isolated incident”, and that no passwords or payment details were compromised.

 

“The third party has confirmed this is an isolated incident which has been contained, and we are working closely with them to ensure that all appropriate actions are being taken. We have notified all relevant authorities,” Harrods said.

 

In a separate statement, Harrods confirmed that the threat actors behind the breach affecting 430,000 customers have reached out in an attempt to negotiate a ransom.

 

“We have received communications from the threat actor and will not be engaging with them.

 

“We proactively informed affected e-commerce customers on Friday that the impacted personal data is limited to basic personal identifiers including name and contact details, where this information has been provided. It does not include account passwords or payment details.

 

“Affected customer records may also have labels related to marketing and services delivered by Harrods.

 

“These labels may include tier level or affiliation to a Harrods co-branded card although this information is unlikely to be interpreted accurately by an unauthorised third party,” the retail giant added.

 

Harrods added that this latest incident is not related to the cyber attack the retailer experienced in May, which was attributed to the Scattered Spider hacker group.