Harrods suffers data breach after cyberattack on 3rd-party provider
Harrods has revealed that some online shoppers' names and contact info were stolen after an IT breach on one of its third-party tech providers.
Thankfully, no passwords or payment details were exposed.
This breach is separate from an earlier 2025 incident that led Harrods to restrict internet access across its sites as a precaution.
Harrods working with provider to contain situation
Harrods has reached out to affected customers and alerted authorities while working with the provider to contain the situation.
In July 2025, four people aged 17-20 were arrested for cyberattacks targeting Harrods, Marks & Spencer, and Co-op; they're facing charges like blackmail and money laundering but are currently out on bail.
These attacks are part of a bigger campaign that has caused major disruptions for UK retailers this year—including taking down Marks & Spencer's online store for weeks and forcing Co-op to shut down parts of its IT system.