
UK retail giant Harrods has disclosed a new cybersecurity incident in which hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information.
In a statement to BleepingComputer, the luxury department store said that the latest incident is not connected to the May cyberattack, which was attributed to Scattered Spider.
Back in May, Harrods was the target of a failed cyberattack, as the luxury goods company took active action and prevented the hackers from gaining access to its systems.
That week, Harrods was the third retailer targeted by Scattered Spider, after Marks & Spencer and Co-op. In both of those incidents, the threat actor used DragonForce ransomware to encrypt data (1, 2).
Harrods is a London-based luxury goods department store. It operates a full-featured e-commerce platform catering to international customers.
The recent data breach was first reported by media outlets in the UK, when Harrods informed the customers affected by the incident.
Harrods told BleepingComputer that it informed “affected e-commerce customers on Friday” that their names and contact details were compromised after a breach at a third-party provider. The company did not disclose the name of the compromised entity.
In addition to names and contact details, some customer records also included tags and labels used internally for marketing and other services that Harrods offers.
“The affected customer records may also have labels related to marketing and services distributed by Harrods,” the luxury goods company says.
“These labels may include tier levels or affiliation with a Harrods co-branded card, although this information is unlikely to be accurately interpreted by the unauthorized third party.”
Co-branded cards are credit cards tied to the company’s loyalty program, carrying the logo alongside a card network (American Express, Visa) and a financial institution (QNB, NBK).
They can be used to earn reward points and include various benefits, such as food credits and access to special programs.
Despite the data exposure, Harrods underlined that the leaked data does not include account passwords, payment information, or order history, and it is limited to basic personal identifiers.
The company also noted that the threat actor has approached it directly, possibly in an attempt to extort it, but said it would not engage in communication.
The historic shop has continued its efforts to inform and support customers, and has accordingly informed all the relevant authorities, working closely with them.
Customers of Harrods’ online shop should be cautious of phishing attacks and social engineering, and avoid clicking on links sent via email or SMS from unknown contacts.


