UK retailer Harrods has confirmed it was the victim of a cyber attack that stemmed from unauthorized access to its systems.
The luxury department store said it was forced to restrict internet access as a precautionary measure after experiencing unauthorized access.
“We recently experienced attempts to gain unauthorised access to some of our systems,” the UK retailer told BleepingComputer. “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
UK retailer Harrods responds to a cyber attack
Harrods said its brick-and-mortar stores remained open for business, suggesting that the cyber attack had limited impact on internal operations. Customers can also continue shopping on its website, suggesting that the cyber attack was successfully mitigated.
“Currently, all sites including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers,” it stated. “Customers can also continue to shop via harrods.com.”
The UK retailer also assured customers that they did not need to take any further action, suggesting that the cyber attack did not compromise customer data. However, this assessment could change as more details come to light.
Meanwhile, the UK retailer has not disclosed if the cyber attack involved ransomware or if any extortion demands have been made. Similarly, no cybercrime gang has as yet claimed responsibility.
“Harrods’ swift move to restrict internet access was a sensible precaution, but the incident underscores a crucial point in cybersecurity: as threats grow more sophisticated, organisations must stay one step ahead by building resilience, strengthening defences, and ensuring they are prepared to respond to an ever-evolving threat landscape,” noted Lee Driver, Director of Managed Security Services at Ekco.
More UK retailers targeted by cyber attacks
The Harrods cyber attack comes hot on the heels of an apparent ransomware attack affecting UK retailer Marks & Spencer that disrupted the store’s online ordering system, contactless payment, and Click and Collect distribution service.
Another UK retailer, the Co-op, shut down its IT systems after experiencing an attempted cyber attack, which disrupted its back office and customer care operations. Subsequently, it restricted VPN access and requested that over 70,000 workers verify all meeting attendees and turn on cameras, suggesting that the breach was significant.
“When running a Microsoft Teams call, please ensure all attendees are as expected and that users are on camera,” the UK retailer said in an email to employees. “Don’t post sensitive information in the Teams chat function, such as colleague, client, customer or member-related data.”
“The close proximity of these attacks could suggest that one threat actor is responsible for all three,” suggested Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ. “Scattered Spider, who has been linked to the attack on M&S, is the most likely culprit, although not enough is known to make definitive accusations yet.”
Meanwhile, the United Kingdom’s National Cyber Security Centre (NCSC) has drawn attention to the spate of cyber attacks targeting UK retailers. However, the agency has not provided substantial insights as to the motive or origin of the cyber attacks.
“Whilst we have insights, we are not yet in a position to say if these attacks are linked, if this is a concerted campaign by a single actor or whether there is no link between them at all,” the NCSC stated.
However, it advised organizations to implement cybersecurity best practices such as enabling multi-factor authentication, monitoring suspicious activity, vetting Domain Admin, Enterprise Admin, and Cloud Admin account access.
Nonetheless, luxury retailers are lucrative targets for cyber attacks due to the vast amounts of sensitive personal and financial information, including that of wealthy clients, which is highly sought after for fraud and cyber extortion.
“Luxury retailers like Harrods are prime targets for cyberattacks,” reiterated Driver. “They hold vast amounts of sensitive customer data, and even brief downtime can result in serious brand damage. We saw this with M&S, whose share price dropped 7% after its cyber incident.”

