Harrods Refuses Hacker Contact After Breach of 430,000 Customer Records
Harrods has confirmed it will not engage with hackers who contacted the company following a data breach affecting around 430,000 customer records.
The luxury Knightsbridge department store said on Friday that its e-commerce customers were warned after one of its third-party provider systems was compromised, exposing details such as names and contact information. The retailer stressed that the incident was unrelated to previous attempts earlier this year to gain unauthorised access to its own internal systems.
In a statement issued on Sunday, Harrods said:
“We have received communications from the threat actor and will not be engaging with them. We would like to reiterate that no payment details or order history information has been accessed and that the impacted personal data remains limited to basic personal identifiers as advised previously.”
The company clarified that the exposed information was confined to names, contact details, and in some cases marketing or service labels such as loyalty tier or links to a Harrods co-branded card. It emphasised that these labels were unlikely to be accurately interpreted by unauthorised parties and that passwords and payment information were not affected.
Harrods also underlined that the stolen data originated from a third-party provider, not from its own systems.
Earlier in May, the company restricted internet access across its sites as a precaution following an attempted intrusion. Then in July, four individuals (two men aged 19, a 17-year-old boy, and a 20-year-old woman) were arrested in connection with cyberattacks targeting Harrods, Marks & Spencer, and the Co-op. According to the National Crime Agency, the suspects were detained on suspicion of blackmail, money laundering, offences under the Computer Misuse Act, and involvement in organised crime, before being released on bail pending further inquiries.