Hackers contact Harrods after it breach exposes hundreds of thousands of customer records
Luxury retailer Harrods has revealed hackers have contacted the company after stealing data linked to 430,000 customer records in a major cyber-attack.
The London department store confirmed the breach was traced to a third-party provider, rather than its core systems, and stressed that payment details and passwords were not compromised. Instead, the stolen files contained basic personal identifiers such as names, contact details, loyalty card information, and marketing preferences.
In a statement, Harrods said it had no intention of negotiating with the “threat actor” behind the breach. “Our focus remains on informing and supporting our customers. We have informed all relevant authorities and will continue to co-operate with them,” a spokesperson said.
The company added that the vast majority of Harrods customers continue to shop in-store, meaning only a fraction of its global customer base is thought to be affected. Still, the exposure of personal data has heightened concern, particularly as hackers directly reached out to Harrods following the theft. The retailer has not disclosed the nature of those communications.
Some of the compromised data also related to Harrods’ co-branded loyalty schemes with partner companies. According to the store, this type of information would be “unlikely to be interpreted accurately by an unauthorised third party.”
“We would like to reiterate that no payment details or order history information has been accessed and the impacted personal data remains limited to basic personal identifiers,” Harrods added.
The breach, first disclosed to customers in an email on Friday, is the latest in a growing wave of cyber-attacks against high-profile UK businesses this year.
In May, Harrods itself was forced to restrict internet access across its sites after hackers attempted to breach its systems. The same group later claimed responsibility for cyber-attacks against Marks & Spencer and Co-op.
The fallout from those incidents has been severe. Co-op confirmed in July that all 6.5 million members had their data stolen and said the attack had cost it £206m in lost sales. Marks & Spencer warned that its profits would take a £300m hit following months of online disruption.
Car giant Jaguar Land Rover has also been crippled by a hack in August that forced the shutdown of its IT networks. The government has since stepped in with a £1.5bn loan guarantee to support JLR’s suppliers, who risk collapse while production remains suspended.
Authorities have been making arrests. In July, four people were detained in connection with the hacks on Harrods, M&S and Co-op. However, the latest breach at Harrods has not been linked to those earlier cases.
For now, Harrods is moving to reassure customers and contain the damage. “The impacted data remains limited,” the retailer said, while stressing that the store’s internal systems remain secure.
The episode highlights the vulnerabilities facing even the most established and secure-seeming brands. For businesses that trade on heritage and prestige, the reputational fallout of a cyber-attack can be just as damaging as financial losses.
With hackers now directly contacting Harrods in the wake of the theft, the breach is unlikely to fade quickly from public view — and adds to a growing crisis of trust in how Britain’s biggest names protect customer data.