430,000 customers of London luxury department store Harrods have had their data compromised in a data breach. The perpetrators attempted to make contact, but the store refused to negotiate with the hacker group.
Harrods has made it clear that it will not negotiate with the cyber attacker responsible for the hack. This firm stance became apparent after the hackers contacted Harrods, although the company has not disclosed exactly what was communicated.
Limited impact due to third party
The company emphasizes that the stolen data comes from an external supplier and is limited to basic information. This includes names, contact details, and marketing preferences of customers who had previously provided this information. Information about Harrods loyalty cards and co-branded cards was also stolen.
“Our focus remains on informing and supporting our customers,” said a spokesperson. The company has notified all relevant authorities and is cooperating with the investigation.
Sensitive information such as passwords and payment details remained out of reach of the attackers. Furthermore, most Harrods customers shop in the physical store, meaning that only a small proportion of the customer base has been affected by the incident. Unlike at Marks & Spencer and the British Co-op, as well as many other victims of data breaches in the British retail sector this summer, there has been no disruption to normal sales procedures.
Part of a broader trend
Nevertheless, the incident shows once again that the summer of 2025 has been characterized by data breaches. The main trend revolves around exploits of the digital supply chain. This pattern fits both the global Salesloft attack, in which OAuth tokens often led to compromises, and local incidents around the world this year. One such local incident involved the theft of around half a million test results and other personal information from Dutch women taking cervical cancer tests for a national health campaign.
In Britain itself, Jaguar Land Rover is also still struggling with production problems after a previous hack. The British government has even pledged a £1.5 billion loan guarantee to support JLR’s suppliers.
In May, Harrods was also confronted with an infiltration attempt, prompting the company to restrict internet access as a precautionary measure. According to the company, this earlier attack was unrelated to the current incident.