Harrods becomes third UK retailer this week hit by cyberattack

Harrods has confirmed that all its retail locations, including the Knightsbridge store, H beauty branches, and airport outlets, have remained operational despite the attack. (Photo: Shutterstock)

Harrods, a luxury department store in London, has confirmed that it was targeted in a cyberattack, making it as the third major UK retailer in recent days to report a similar incident. The department store said it had taken precautionary measures following attempts by threat actors to access its systems.

“We recently experienced attempts to gain unauthorised access to some of our systems,” the company said in a statement shared with BleepingComputer. “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”

Despite the attack, Harrods confirmed that all its retail locations, including its Knightsbridge store, H beauty branches, and airport outlets, remain operational. Online shopping services also continue to operate without interruption.

Although Harrods did not disclose whether any data had been compromised, its move to limit online access indicates an ongoing mitigation process. The company has not responded to questions about the extent of the breach or potential data loss.

Security breaches spark disruption across major British retail chains

Harrods’ announcement follows similar reports from Marks & Spencer (M&S) and the Co-op. Last week, M&S confirmed it had suffered a cyberattack that was linked to ‘Scattered Spider’ tactics, involving the deployment of DragonForce ransomware. The incident disrupted several services, including its online ordering system, contactless payments, and Click & Collect. Customers have continued to face online order disruptions, with some physical stores also experiencing product shortages. Authorities are currently investigating the incident.

Separately, the Co-op reported an attempted network breach. As part of its response, staff members were required to undergo mandatory video verification during remote meetings to counter potential eavesdropping threats, reported BBC News.

UK cybersecurity watchdog National Cyber Security Centre’s (NCSC’s) chief executive Richard Horne said the recent wave of cyber incidents should be viewed as a ‘wake-up call’ for the retail sector. He told BBC News that the agency is working closely with the organisations that reported incidents “to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.”

Meanwhile, Parliament Business and Trade Committee chair Liam Byrne has written to Marks & Spencer CEO Stuart Machin seeking further details on the company’s cybersecurity framework and compliance with NCSC recommendations.

Read more: Co-op joins M&S as latest victim in wave of cyberattacks on UK retail sector