International

Harrods reports customer data breach amid rising UK retail cyber threats

Saturday, 27 September 2025 4:07AM UTC

Luxury retailer Harrods discloses an IT breach linked to a third-party provider, exposing customer data amid a surge in cyber-attacks targeting UK retailers in 2025. Authorities have intervened as industry experts warn of increasingly sophisticated cyber threats.

Harrods has announced that some of its customers' personal data may have been compromised in an IT breach linked to one of its third-party providers. The luxury department store disclosed that the data taken included basic personal identifiers such as names and contact details, but did not encompass sensitive information like account passwords or payment details. According to Harrods, the breach was an isolated incident, separate from earlier attempts to infiltrate its own systems earlier this year, and the company is working closely with the third party involved to contain the issue and prevent further risks. Relevant authorities have been informed as part of the response efforts.

This latest breach follows a series of cyber threats targeting major UK retailers throughout 2025. Harrods itself was affected by a cyber-attack in May, during which its IT security team restricted internet access across its premises as a precautionary measure. Despite this disruption, the department store’s physical locations and online shopping services remained operational, with no data believed to have been accessed at that time. Similar cyber-attacks recently hit other prominent retailers including Marks & Spencer and the Co-op, causing significant operational impact, particularly for M&S which saw its online store shuttered for nearly seven weeks.

In a notable development linked to these attacks, UK police arrested four individuals aged between 17 and 20 in July on suspicion of offences encompassing blackmail, money laundering, breaches of the Computer Misuse Act, and participation in organised crime groups. These arrests came following an investigation led by the National Crime Agency and its National Cyber Crime Unit. The suspects are believed to be connected to the spate of cyber-attacks that targeted Harrods alongside Marks & Spencer and the Co-op earlier in the year. Authorities have seized electronic devices to support ongoing inquiries.

Industry experts have noted the growing sophistication and persistence of cyber threats against retail giants, with groups like Scattered Spider suspected of involvement in coordinated attacks across multiple companies. The incidents have raised broader concerns within the UK retail sector about cybersecurity vulnerabilities and the effectiveness of current defence mechanisms in protecting customer data and business continuity.

As Harrods addresses this latest breach, it continues to stress that no internal systems were compromised in the recent incident and reassures customers that it is taking all necessary measures to preserve the security of their information while cooperating fully with authorities and cybersecurity specialists.

📌 Reference Map:

Paragraph 1 – ^[1], ^[2]
Paragraph 2 – ^[3], ^[5], ^[7]
Paragraph 3 – ^[4], ^[6]
Paragraph 4 – ^[7], ^[5]
Paragraph 5 – ^[1], ^[2], ^[3]

Source: Noah Wire Services

More on this

https://www.theguardian.com/business/2025/sep/26/harrods-warns-customers-their-data-may-have-been-stolen-in-it-breach - Please view link - unable to able to access data
https://www.theguardian.com/business/2025/sep/26/harrods-warns-customers-their-data-may-have-been-stolen-in-it-breach - Harrods has informed some customers that their personal data may have been compromised in an IT breach involving a third-party provider. The affected data includes names and contact details but excludes account passwords and payment information. Harrods has notified the relevant authorities and is collaborating with the third-party provider to address the incident. This breach is separate from previous attempts to access Harrods' systems earlier in the year.
https://www.theguardian.com/business/2025/may/01/harrods-latest-retailer-hit-cyber-attack-website-shops - Harrods experienced a cyber-attack in May 2025, following similar incidents at Marks & Spencer and the Co-op. The attack led to the temporary shutdown of some systems, but the website and physical stores continued to operate. Harrods' IT security team took immediate action to secure systems, including restricting internet access at its sites. The company did not request customers to take any action, indicating no data had been accessed.
https://apnews.com/article/9f9ea474a42acd147b81c5a7ff3ff05d - Four individuals were arrested in the UK for their roles in cyber-attacks targeting major British retailers, including Marks & Spencer, the Co-op, and Harrods. The suspects, aged between 17 and 20, face charges such as blackmail, money laundering, and violations of the Computer Misuse Act. The cyber-attack on Marks & Spencer in April resulted in significant operational disruptions and financial losses.
https://www.reuters.com/business/retail-consumer/harrods-latest-british-retailer-be-hit-by-cyber-attack-2025-05-01/ - Harrods became the third major UK retailer to be targeted by cyber-attacks in a two-week span, following Marks & Spencer and the Co-op. The luxury department store confirmed attempts to breach its systems and responded by restricting internet access at its locations to safeguard its systems. Despite the incident, all Harrods retail sites, including the flagship Knightsbridge store, H beauty stores, and airport outlets, remained operational, and online shopping continued.
https://www.reuters.com/business/retail-consumer/uk-police-arrest-four-connection-with-ms-co-op-cyberattacks-2025-07-10/ - UK police arrested four individuals under the age of 21 in connection with cyber-attacks that targeted major retailers Marks & Spencer, the Co-op, and Harrods. The arrests were made in London's West Midlands, and the suspects are suspected of offences including computer misuse, blackmail, money laundering, and organized crime. The National Crime Agency led the investigation and has seized electronic devices for questioning by its National Cyber Crime Unit.
https://apnews.com/article/7d3c01faa7380775598a517df4db1250 - British retailers, including Marks & Spencer and Harrods, have been facing a wave of cyber-attacks. Marks & Spencer has been grappling with an ongoing cyber incident since Easter weekend, disabling its ability to process online orders, hire new staff, or maintain regular website functions. Harrods acknowledged a cyber threat and has taken precautionary steps, including limiting internet access. The attacks, which may be linked to a group called Scattered Spider, have raised concerns in the UK retail sector following a similar incident at Co-op.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative is fresh, dated September 26, 2025. It references a previous incident from May 2025, providing updated information. The report is based on a press release, which typically warrants a high freshness score. No discrepancies in figures, dates, or quotes were found. No earlier versions show different information. No recycled content or republishing across low-quality sites was identified. The update justifies a higher freshness score but should still be flagged.

Quotes check

Score: 9

Notes: The report includes direct quotes from Harrods' statement. No identical quotes appear in earlier material. No variations in quote wording were found. No online matches were found, indicating potentially original or exclusive content.

Source reliability

Score: 10

Notes: The narrative originates from The Guardian, a reputable organisation. This adds credibility to the report.

Plausability check

Score: 9

Notes: The report's claims are plausible and consistent with known information. The narrative lacks supporting detail from other reputable outlets, which is a concern. The tone and language are consistent with typical corporate communications. No excessive or off-topic detail unrelated to the claim was noted. No unusual drama or vagueness in tone was observed.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative is fresh, with no recycled content or discrepancies. It includes original quotes and originates from a reputable source. While it lacks supporting detail from other reputable outlets, the claims are plausible and consistent with known information.

Cybersecurity
Retail
Data breach