London’s renowned department store, Harrods, has confirmed it was targeted in a cyberattack, marking it as the third major UK retailer to report such an incident within a week, following similar breaches at Marks and Spencer (M&S) and the Co-op. According to a statement shared with BleepingComputer, Harrods revealed that threat actors attempted unauthorized access to its systems, prompting the company to restrict internet access across its sites.
Harrods informed BleepingComputer: “We recently experienced attempts to gain unauthorized access to some of our systems.” In response, their experienced IT security team took immediate action to secure systems, resulting in restricted internet access at their locations. Despite this, all Harrods sites, including the flagship Knightsbridge store, H beauty stores, and airport outlets, remain open for customers. Online shopping via harrods.com continues uninterrupted.
The company reassured customers: “We are not asking our customers to do anything differently at this point and we will continue to provide updates as necessary.” Harrods has not disclosed further details regarding whether systems were breached or if data was compromised. However, the decision to limit access to certain platforms indicates an active response to the attack.
This incident follows recent cyberattacks on M&S and Co-op. M&S suffered a breach last week that disrupted its online ordering systems, contactless payments, and Click & Collect service. The attack was linked to threat actors using “Scattered Spider” tactics, deploying DragonForce ransomware on the company’s network. Meanwhile, Co-op disclosed a cyber incident, with internal communications suggesting a more extensive breach than initially reported.
No official law enforcement advisory has been issued yet, but given the involvement of social engineering tactics in the M&S and Co-op attacks, a bulletin may soon follow.
— new from BleepingComputer