London luxury retailer Harrods has confirmed it was the target of a cyberattack, becoming the third major UK retail brand affected by cyber incidents within a week—following Marks & Spencer and Co-op.
Harrods Takes Precautionary Steps After Attempted Breach
In a statement, Harrods disclosed that threat actors recently tried to gain unauthorized access to parts of its systems. While the company has not confirmed whether a data breach occurred, it implemented immediate restrictions on internet access across its sites as a precautionary measure.
“We recently experienced attempts to gain unauthorised access to some of our systems,” Harrods stated.
“Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
Despite the incident, all Harrods locations—including its Knightsbridge flagship, H beauty outlets, and airport stores—remain operational. Online shopping via harrods.com is also unaffected.
“Currently all sites including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers. Customers can also continue to shop via harrods.com.”
“We are not asking our customers to do anything differently at this point and we will continue to provide updates as necessary.”
The company declined to provide additional details about the nature of the attack or whether any customer or internal data had been compromised.
Retail Sector Under Pressure: M&S and Co-op Also Targeted
This latest incident follows recent cyberattacks on two other UK retail giants.
Marks & Spencer reported a cyberattack last week that disrupted its online order processing, contactless payments, and Click & Collect services. The breach was reportedly linked to threat actors who used tactics associated with the group known as Scattered Spider and deployed the DragonForce ransomware strain on the M&S network.
Co-op also disclosed a cyber incident, noting unauthorized access attempts on its network. Internal communications obtained by media outlets suggest the breach may be broader than initially stated. Staff were instructed to disable VPN access and follow strict vigilance protocols.
An internal email from Co-op’s Chief Digital and Information Officer, Rob Elsey, advised employees:
“When running a Microsoft Teams call, please ensure all attendees are as expected and that users are on camera.
Don’t post sensitive information in the Teams chat function such as colleague, client, customer or member related data.”
Potential Link to Social Engineering
Although law enforcement has not released a public advisory, early indicators suggest that the recent wave of attacks may have originated through social engineering tactics. If that is confirmed, further official guidance is expected to follow.