Luxury department store Harrods has confirmed that data relating to approximately 430,000 customer records was stolen in a recent IT breach, following a hack that compromised information held by a third-party provider.
The stolen data is understood to be limited to basic personal details and does not include passwords, payment information, or order history.
In a statement issued late Monday, Harrods reiterated that it would not engage in negotiations or communications with the “threat actor” responsible for the breach.
“Our focus remains on informing and supporting our customers. We have informed all relevant authorities and will continue to co-operate with them,” the company spokesperson said.
Harrods emphasized that the breach affected only a small proportion of its customer base, given that the majority of its clientele shop in-store.
According to Harrods, the compromised data set comprised names and contact details—such as email addresses and telephone numbers—provided by customers to the third-party system.
Additional information relating to marketing preferences, loyalty cards, and ties to partner companies, including Harrods co-branded cards, was also accessed.
The spokesperson suggested that this information “is unlikely to be interpreted accurately by an unauthorised third party,” and stressed that no sensitive financial or transactional data was involved.
This incident follows an email notification sent to customers on Friday, in which Harrods first disclosed the breach.
The department store made clear that the event is not related to earlier attempts to hack into its own internal systems earlier this year.
In May, Harrods restricted internet access across its sites as a precautionary measure after detecting an attempt at unauthorised system access.
Harrods did not provide details on any ransom demands or other communications from the attackers, nor did it name the hacking group.
Recent investigations revealed that a group claiming responsibility for earlier intrusions at Marks & Spencer and the Co-operative Group was behind those attempts; four individuals were arrested in July in connection with those hacks.
This year has seen a string of cyber-attacks targeting major UK businesses. In July, the Co-operative Group confirmed that data belonging to all 6.5 million of its members was stolen in an attack that has since cost the retailer an estimated £206 million in lost sales.
Marks & Spencer suffered months of disruption to its online services following a separate incident, with analysts estimating a profit hit of around £300 million.
Automotive giant Jaguar Land Rover was hit by an August cyber-attack and remains in recovery mode as it works to restore its IT systems and resume full production.
The government has agreed to underwrite a £1.5 billion loan guarantee to support the company and its supply chain amid the fallout.
Harrods customers concerned about the breach have been directed to a dedicated helpline and online support portal.
The retailer has also offered guidance on best practices for safeguarding personal information, despite affirming that no account passwords or payment card data were compromised.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates
%20(1).webp?resize=1600,900&ssl=1&description=The stolen data is understood to be limited to basic personal details and does not include passwords, payment information, or order history.){kind=link}