Particle.news

Download on the App Store

Harrods Says Hackers Are Contacting Customers After Third-Party Data Breach

The retailer reports a supplier compromise that exposed basic identifiers for roughly 430,000 online shoppers, with authorities now investigating.

Overview

  • Harrods confirms data was taken from an unnamed supplier’s system, affecting about 430,000 e-commerce records containing names, contact details, and some internal marketing labels such as loyalty tier or co-branded card affiliation.
  • The company says no passwords, payment information, or order histories were accessed, and its own systems were not compromised.
  • Harrods began notifying affected customers on September 26 and has reported the incident to relevant authorities, including the National Cyber Security Centre and the Metropolitan Police Cyber Crime unit.
  • After initially receiving messages from the threat actor, Harrods now reports some customers have been contacted directly and advises against engaging, warning of potential phishing or extortion attempts.
  • Harrods states the breach is separate from a May attempt linked to Scattered Spider, highlighting persistent supply-chain exposure facing UK retailers.