Harrods warns e-commerce data may have been stolen in third-party breach
Data involved are basic identifiers such as names and contact details; no passwords or payment data affected; incident isolated to a third-party system and authorities notified.
Harrods said some of its e-commerce customers may have had personal data taken in a breach of a third-party provider's IT systems. The data involved are basic identifiers such as names and contact details, and the company said no passwords or payment information were affected. Harrods stressed its own systems were not compromised and that the incident has been contained. The retailer said it has informed affected customers and alerted the relevant authorities.
The breach underscores the risk posed by third-party providers, highlighting the importance of due diligence across supplier networks. Harrods said the incident involved a provider outside its direct control, and it has been working with the provider to ensure appropriate actions are taken. In May, Harrods restricted internet access across its sites as a precaution after an attempt to gain unauthorized access to its systems. The retailer added that the data taken came from the third party and was not connected to earlier attempts to access Harrods systems.
Two men aged 19, a 17-year-old boy, and a 20-year-old woman were arrested in July on suspicion of blackmail, money laundering and offences linked to the Computer Misuse Act, as well as participating in the activities of an organised crime group, according to the National Crime Agency. They were bailed pending further inquiries.
Harrods’ disclosure comes as Britain’s broader cyber threat landscape continues to challenge major retailers and manufacturers. Jaguar Land Rover, the country’s largest car-maker, suffered a significant hack last month that disrupted production and threatened billions in revenue. Government aides have signaled a readiness to intervene to stabilise supply chains, with discussions about options such as government-backed loans or even procuring components from suppliers to keep production afloat. Reports have suggested ministers would rule out a Covid-style furlough rescue scheme, opting instead for targeted financial support to keep suppliers solvent while production restarts.
Industry experts note the episode reinforces the need for robust third-party risk management, including continuous monitoring of provider networks and rapid notification channels in the event of breaches. Harrods said it will continue cooperating with authorities and its provider to resolve the incident and to prevent recurrence.