Harrods Data Breach: 430,000 Customer Records Compromised in Third-Party Attack

Luxury department store Harrods has confirmed a significant data breach, revealing that cybercriminals may have compromised up to 430,000 customer records following an incident involving a third-party IT provider. The retailer has received communications from the “threat actor” but has chosen not to engage, implying a possible ransom demand.

This breach was detailed in a communication sent to customers on Friday, September 26, 2025. While the incident involved basic personal information, sensitive details such as payment information and account passwords remain secure.

Connection to Previous Cyberattack

This breach emerges just months after Harrods was on high alert due to a series of coordinated cyberattacks targeting the UK retail sector. Notably, Harrods was among several high-profile retailers—including M&S and Co-op—targeted by the notorious hacking group known as Scattered Spider. Earlier this year, on May 1, 2025, Harrods confirmed attempts to gain unauthorized access to its internal systems, prompting a swift protective response. At that time, the company managed to secure its operations, maintaining that no customer data had been compromised.

The September 2025 Data Breach

Unfortunately, despite earlier precautions, the recent breach involved data taken from a third-party provider associated with Harrods. The retailer did not disclose the identity of this provider. The incident signals that attackers redirected their efforts to exploit a vulnerability along the supply chain. Harrods has emphasized that this incident is not linked to the prior unauthorized access attempts reported in May.

“The third-party provider has confirmed that this incident is isolated and contained. We are collaborating closely with them to take all necessary measures. Relevant authorities have been notified,” stated a Harrods spokesperson.

What Was Taken?

The compromised data is limited to basic identifiers such as names and contact information supplied by customers. Investigations revealed that some loyalty card details, marketing preferences, and connections to co-branded cards were also compromised. Harrods has reassured customers that its internal systems were not breached.

How to Stay Safe

To mitigate risks, customers are advised to actively monitor their financial accounts. Those affected by the breach should keep a close eye on bank statements and transaction histories, remaining vigilant against unsolicited communications—texts, calls, or emails—that could be attempts from scammers to obtain additional personal information.

Harrods has informed the appropriate authorities and continues to cooperate with them, alongside efforts to support customers affected by this recent breach.
