Luxury department store Harrods has confirmed it was contacted by hackers following a cyber-attack that exposed data from 430,000 customer records. The retailer said the breach, first revealed in an email to customers on Friday, was traced back to a third-party provider.
In a statement, Harrods stressed that no payment details, passwords or order history were compromised and said it would not engage with the “threat actor”. “Our focus remains on informing and supporting our customers. We have informed all relevant authorities and will continue to co-operate with them,” a spokesperson said.
The company added that most of its customers shop in-store, meaning only a small proportion of shoppers were affected.
What Information Was Taken
The stolen data included basic personal identifiers such as names, contact details, and information on marketing preferences and loyalty schemes. Some data related to Harrods’ co-branded cards and tie-ins with other companies was also taken.
The retailer insisted the stolen information was “unlikely to be interpreted accurately by an unauthorised third party”. Harrods also clarified that the incident was not connected to separate hacking attempts on its systems earlier this year.
Part of a Wider Pattern of Attacks
The Harrods breach is the latest in a series of cyber-attacks on major UK retailers and businesses in 2024 and 2025.
In May, Harrods was forced to restrict internet access across its stores after an attempted hack.
The same group claimed responsibility for targeting Marks & Spencer and the Co-op. Four people were later arrested in connection with the attacks.
The Co-op confirmed that 6.5 million customer records had been stolen, reporting financial losses of £206m in sales.
M&S said months of disruption to its online services would reduce profits by £300m.
Elsewhere, Jaguar Land Rover is still recovering from a major August hack that brought production to a standstill, forcing the UK government to guarantee a £1.5bn loan to protect its supply chain.
The growing number of cyber incidents has sparked warnings from security experts about the vulnerability of British businesses to increasingly sophisticated attacks.
Harrods’ Response
While the company has not disclosed the content of the hackers’ approach, its decision not to engage mirrors advice from law enforcement agencies, who warn that paying ransoms or entering negotiations can encourage further attacks.
Harrods said it would continue working with cybersecurity specialists and regulators, while urging customers to remain vigilant. “We would like to reiterate that no payment details have been accessed and the impacted personal data remains limited,” the spokesperson said.
