Harrods publicly disclosed on Tuesday that the luxury department store has been the victim of a recent cyberattack, marking the third such cyber incident targeting major UK retailers this month, including the devastating ransomware attack still impacting retail conglomerate Marks & Spencer.
In a statement sent to Cybernews, the London-based high-end department store said it had “recently experienced attempts to gain unauthorised access to some of our systems.”
"Our seasoned IT security team immediately took proactive steps to keep systems safe, and as a result, we have restricted internet access at our sites today,” Harrods said.
Harrods, which is currently owned by Qatar Investment Authority, further stated “all sites, including our Knightsbridge store, H beauty stores and airport stores, remain open to welcome customers,” as well as the Harrods website for online shopping.
With a net worth of more than £2.3 billion, the 90,000-square-foot department store serves roughly 100,000 people daily, or about 15 million per year, according to figures from Statista.
"We are not asking our customers to do anything differently at this point, and we will continue to provide updates as necessary," the statement concluded.
Even so, Sky News reported that one Harrods customer complained “he had been unable to pay for a purchase earlier in the day.”
Citing a 45% increase in attacks through Q1 of 2025, Dr. Darren Williams, Founder and CEO of cybersecurity firm BlackFog, pointed out that the recent attacks on UK retailers “align with the highly tuned targeting we have seen this year."
“On the heels of the Marks & Spencer attack this week, the Harrods attack highlights the escalation of cyberattacks globally and the new arms race in the use of AI for targeting high-value targets,” the data privacy and ransomware expert said.
UK retailers under siege
The Harrods intrusion attempt follows two other incidents targeting fellow UK retailers, including at Co-op supermarkets, just revealed on Wednesday, and an ongoing ransomware attack that hit retail conglomerate Marks & Spencer on Easter weekend.
Although details are light, it seems the Harrods attack has had limited impact on the department stores operations as compared to its fellow counterparts.
Marks & Spencer (M&S), which first alerted the UK’s National Cyber Security Centre (NCSC) to the unauthorized access of its networks on April 21st, has been forced to take its payment systems offline at its 1,050 UK stores and cancel thousands of online orders.
New information has led security insiders to believe the seasoned ransomware group Scattered Spider is the culprits behind the M&S attack, although the retailer has not confirmed the claim.
With threat actors freely lurking inside M&S systems since February, as first reported by Beeping Computer, it remains to be seen whether Scattered Spider will be deemed responsible for the breach of Harrods and the Co-op Group as well.
Still, even with no concrete evidence that the same threat actors carried out all three attacks, Dr. Williams said, "the attempts to gain unauthorized access to Harrods' systems are just another example of how data exfiltration is used to target and ultimately extort victims.”
“With bad actors continuing to remain latent for months – and sometimes years – before launching full-scale attacks, detecting these attacks is becoming crucial in the fight against ransomware,” Dr. Williams said.
Still struggling to mitigate the damage, earlier this week, M&S warehouse staff were instructed to stay home until further notice, and many M&S food stores have been left with empty shelves and shortages.
Meantime, the breach of the Co-op Group, a members-only cooperative of food, convenience stores, and other businesses, was also forced to shut down all of its remote systems after it discovered threat actors had infiltrated its network.
With 7,000 locations, the cooperative stated that the attack had only a "small impact" on its call centre and back office. However, an internal email, seen by the BBC, led to reports that employees have been instructed to stay alert, as the hackers may still be inside the systems.
Your email address will not be published. Required fields are markedmarked